The policy describes how we process personal data, which personal data we collect and why we collect it, with whom we share this personal data, how we protect it, and the choices you can make about how we use your personal data. This policy applies to any personal data collected, held or processed by or on behalf of MedAccess.
The scope of this policy also includes all the websites, applications, mobile sites, and social media platforms that are owned by MedAccess, where personal data is processed.
Please check this policy periodically at www.medaccess.org/privacy-policy to inform yourself of any changes.
We will collect your name and email address if you choose to subscribe to our newsletter. We use a third-party provider, Mailchimp, to deliver our monthly e-newsletters. For more information, please see:
When you submit an enquiry, we will collect your email address and comments, we will also collect your first name, surname and your company name and phone number if you choose to provide it.
Where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
When you send an email to us we may collect your IP address, email address and other data you have provided within the email or attachments. The information will only be used to address the purposes of your request, it will be recorded in our email and email security systems.
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with security best practices. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
When you call MedAccess, we collect Calling Line Identification (CLI) information which may include your telephone number. We use this information to help improve our efficiency and effectiveness. We do not record phone conversations.
We will only use your personal data to send communications via electronic means (e.g. email, SMS or MMS) if we have obtained your prior consent or have a legitimate and lawful interest to do so. You can withdraw your consent or object to communications at any point in time, by contacting the Data Protection Officer (DPO) at firstname.lastname@example.org
MedAccess will only process your personal data to achieve the purposes it was collected for, or for any other legitimate and lawful purpose.
MedAccess will notify the processing of personal data to the relevant authorities to the extent required under all applicable data protection laws and regulations.
It is important for us to maintain accurate and up to date records of your personal data. Please inform us of any changes to or errors in your personal data as soon as possible by contacting the DPO at email@example.com
We will take reasonable steps to make sure that any inaccurate or out-of-date data is deleted, destroyed or amended accordingly.
You have the right to access the personal data we hold about you and, if such personal data is inaccurate or incomplete, to request the rectification or erasure of such personal data. If you require further information in relation to your privacy rights or would like to exercise any of these rights, please contact the DPO at firstname.lastname@example.org
We shall retain your personal data in a manner consistent with the applicable data protection laws and regulations. We will only retain your personal data for as long as necessary to comply with the applicable laws and regulations or for the purposes for which we process your personal data. For guidance on how long certain personal data is likely to be kept before being destroyed, please contact the DPO at email@example.com
We shall ensure that appropriate technical and organisational security measures are taken against unlawful or unauthorised processing of personal data, and against the misuse, destruction, disclosure, acquisition, accidental loss of, or damage to personal data. Personal data shall only be processed by a third-party processor if they can demonstrate adequate compliance or certification to relevant information security standards and practices.
Maintaining data security means protecting the confidentiality, integrity and availability of the personal data:
We have put in place security measures to prevent your data from accidental loss or disclosure. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
MedAccess has taken the decision to appoint a DPO to monitor internal compliance, inform and advise on our data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and to act as a contact point for data subjects and the supervisory authority. The designated DPO for MedAccess and their contact information is as follows:
MedAccess Guarantee Ltd
123 Victoria Street
If you have a query in relation to this policy or our processing of your personal data, you can contact the DPO.
For the above-mentioned purposes, we may disclose your personal data to the following categories of recipients:
Your personal data may be transferred to any of the recipients identified in this policy, some of which may be outside the EU and may be processed by us and any of these recipients in any country worldwide. The countries to which your personal data is transferred may not offer an adequate level of protection. In connection with any transfer of personal data to countries that do not offer the same level of protection as in the EU, MedAccess shall implement appropriate measures to ensure an adequate level of protection of your personal data.
We want to be as transparent as possible with you, so that you can make meaningful choices about how you want us to use your information. We can contact you by post and by phone, and if you give us your prior consent to do so, by email, SMS and other electronics means.
In this context, you can make a variety of choices about how you want to be contacted by us, through which channel (e.g. email, mail, social media, etc.), for which purpose and how frequently, by contacting firstname.lastname@example.org
Please note that by default, if you don’t make a choice, you will receive our communications at the following frequency: at the date of publication.
You may always contact us by post or email to find out what personal information we have concerning you, the origin of the data and to access or receive a copy of your data.
If you find any mistake in your personal information or if you find it incomplete or incorrect, you can request that we correct it or complete it.
You may also object to the use of your data for direct marketing purposes (if you prefer, you can also advise us on which channel and how frequently you prefer to be contacted by us).
You may request a copy of your personal data from us in a structured, commonly used and machine-readable format. You can also request that we transfer your personal data to another controller. Portability applies when we process your personal data in an automated means with your consent.
Finally, you may request for us to erase any data concerning you (except in some cases, for example, where we are required to retain the data by law).
For any privacy issues, questions or complaints concerning the application of this policy or to exercise your rights within the context of this policy, you may contact our DPO at email@example.com
Alternatively, you may write to us:
MedAccess Guarantee Ltd
123 Victoria Street