Client Privacy Notice
Medicys Limited is committed to protecting the privacy of the information we collect from each Client. The following Notice outlines how we use that information. This Notice was established in 2018 and was last updated on 1st January 2018.
Medicys Limited is a member of, and complies with, the Codes of Conduct and Legal and Ethical Standards as prescribed by the BHBIA, EphMRA and ESOMAR. These guidelines are extremely comprehensive, and act as a pillar of our key business processes (including how we protect the rights of clients and handle data).
PURPOSES FOR DATA PROCESSING
Most importantly, we use your information only for administration of market research activities, assignments and projects, and for no other purpose, and as such your details will not be passed to third party vendors for selling non-relevant services and products. We are simply interested in giving you the best service possible.
Our purpose in collecting the information is to engage in legal commerce and to offer products and services of value to our customers.
We use this information to:
Provide services that you request; Communicate with you; Personalize the information we send you; We may also use this information to generate a quote for our services, and to manage any project that may be commissioned; To let you know about our other services and products, that may be of interest; Information provided may be used to update data we currently hold; To evaluate, assess and improve our services; To contact you to undertake customer satisfaction surveys; To process our invoices; For other business-related purposes permitted or required under applicable local law and regulation; and As otherwise required by law.
LEGAL BASES FOR DATA PROCESSING
Our legal bases for the processing of your Personal Data are:
1) your consent; 2) our contract with your organization; 3) any other applicable legal bases, such as our legitimate interest in engaging in commerce and offering products and services of value to our clients.
We will retain your information for as long as your account is active and for at least twenty-four (24) months thereafter to allow you to re-activate your account without loss of data. We will also retain your information as necessary with our legal obligations, to resolve disputes and enforce our agreements. We will also retain your information for as long as is permitted under applicable law.
COLLECTION AND USE OF PERSONAL DATA
Much of the information we receive is from you, and gathered during our relationship with you, especially in the provision of market research services.
We collect information from users of our products and services, and visitors to our websites and other applications, including personal information such as: Name; Company name; Postal address; Email address; Phone number; Fax number; Job title; VAT or Tax number, IP address; Device ID; and Quote History. We may also collect information from telephone conversations which are recorded for the purpose of training and quality control.
You are required to provide this information in order to receive our products or services. If you choose not to do so, we will not be able to provide you with our products or services or with other support or responses.
The information you share with us is stored, and processing is undertaken for the performance of a contract to which a Client is party or to take steps at the request of the Client prior to entering into a contract of service. This includes: Information submitted via forms completed on our website or third- party websites including your names, e-mail, telephone number and address; E-mails, telephone calls, letters and by other means, all communication to the offices and personnel of Medicys Limited, including requests for information and requests to provide a proposal.
Subcontracting In certain circumstances other parties may be commissioned to provide some of our services requested by you. In such instances some of the information we hold about you will be disclosed to them. You can find more about this in our terms and conditions. In such cases only the minimum of data needed to complete the task will be shared. In such cases, all suppliers will be obliged in writing to maintain the privacy of your information in accordance with this Policy and agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Notice.
Monitoring Usage We also use analytical and statistical tools (Google Analytics) that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).
Marketing Information We may also share with you at anytime further information about our products and services, and information concerning the regulatory or industry environment, which we deem of relevance and interest to you. We use a third party e-mail system for this purpose: NewZapp
Live Chat We collect data about visitors of websites using the Crisp chat client. This data is collected anonymously and is not directly bound to any identifiable user, whether it be its personal identity, or its network information. We use a third party chat service for this purpose: Crisp Chat
TRANSFER OF DATA
As part of your interactions with us/our website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA - this is generally the nature of data stored in “the Cloud”.
It may also be processed by staff operating outside the EEA who work with/or one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
A transfer of your personal data may happen if any of our servers are in a country outside of the EEA or one of our service providers is in a country outside of the EEA. If we transfer or store your personal data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this Privacy Notice and in accordance with the GDPR.
If you wish to know more about international transfers of your personal data, you may contact us as specified in the Questions and Complaints Section of this Notice.
DISCLOSURE OF YOUR INFORMATION
Please be aware that in rare situations, it may be necessary disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
CHOICE WITH RESPECT TO USES AND DISCLOSURES OF PERSONAL DATA
Medicys Limited recognizes that EU individuals have the right to limit the use and disclosure of their Personal Data, and we are committed to respecting those rights.
We offer individuals the opportunity to opt out of disclosures of Personal Data to a Third Party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.
We comply with data privacy principles in respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a Third Party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.
At any point you can ask to withdraw, request access to the information we currently hold, amend or rectify that information and request that we no longer contact you or retain your information, without cost to you.
Medicys Limited has designated the IT Department to oversee its information security program. The IT Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to firstname.lastname@example.org
Medicys Limited will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. Medicys Limited personnel will receive training, as applicable, to effectively implement this Policy. All information we retain is treated as strictly confidential, managed only by key members of our team.
Adequate precautions are taken to protect personal data, any sensitive data and confidential information against unauthorized access including but not limited to user identification and password only access, pseudonymizing, encryption and firewall protection.
THIRD PARTY LINKS
You might find links to third party websites on our website. These websites should have their own Privacy Policies, which you should check. We do not accept any responsibility or liability for their Policies whatsoever as we have no control over them.
Right to Access You have the right to obtain confirmation about whether Personal Data is included about you in our databases.
Upon request, Medicys Limited will provide an individual access to his or her Personal Data within a reasonable timeframe. Medicys Limited will permit an individual to know what Personal Data about them is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which Medicys Limited collected the Personal Data.
You may review your own Personal Data stored in the databases and correct, update, modify, or delete any data that is incorrect or incomplete.
Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
You may access and modify your Personal Data by contacting Medicys Limited by phone, post or email. In making modifications to your Personal Data, you must provide only truthful, complete, and accurate information.
Rectification and Erasure You may request that we rectify or delete any of your personal data that is incomplete, incorrect, unnecessary or outdated.
Objection You may object, at any time, to your personal data being processed for direct marketing purposes.
Restriction of Processing You may restrict processing of your personal data for certain reasons, such as, for example if you consider your personal data collected by us to be inaccurate or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration.
Data Portability You may request the data you provided to us in a commonly used and machine-readable form.
Right to Withdraw Consent You have the right to withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn, including processing related to existing contracts for our products and services.
To exercise any of the above mentioned rights, please contact us as set forth below. We will process any requests in accordance with applicable law and within a reasonable period of time.
We recommend that you include documents that prove your identity and a clear and precise description of your request. Please note that in some cases, especially if you wish us to delete or cease the processing of your personal data, we may no longer be able to provide our products or services to you.
Via Email: email@example.com Via Postal Mail: Medicys Limited,152 Staplehurst Road, Sittingbourne, Kent ME10 1QZ, United Kingdom Via UK Phone: 44 (0) 1795 42 66 55
Requests for Personal Data Medicys Limited will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise:
(a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from clients.
CHANGES TO THIS NOTICE
This Notice may be amended from time to time, consistent with applicable data protection and privacy laws and principles. We will notify you if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow you to choose whether your Personal Data may be used in any materially different manner.
QUESTIONS OR COMPLAINTS
If you have any questions or complaints about this Privacy Notice or our data collection practices, please contact us at the details listed below and specify your country of residence and the nature of your question.
Via Email: firstname.lastname@example.org Via Postal Mail: Medicys Limited,152 Staplehurst Road, Sittingbourne, Kent, ME10 1QZ, United Kingdom Via UK Phone: 44 (0) 1795 42 66 55
If you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with your local supervisory authority responsible for data protection matters.
Medicys Limited is a registered Data Controller with the Information Commissioners Office If you have a concern about our information rights practices you can contact the ICO using their helpline: 0303 123 1113 or visit their website: https://ico.org.uk/concerns/. Our registration number is Z1909295.
At this stage the EC (European Commission) has issued draft adequacy decisions which set out that the UK should be found adequate. The draft decisions published on Friday 19 February 2021 have now been shared with the European Data Protection Board for a “non-binding opinion”, before being presented to EU member states for formal approval. For the moment an interim solution is in place which allows organisations that transfer personal data from the EU to the UK to continue to do so, for up to six months to give time for the EC (European Commission) to approve an adequacy decision for the UK. During this extension period, transfers of personal data from the EU (and the EEA) to the UK will not be considered transfers to a “third country” provided that the UKs data protection law remains the same as it was as of 31st December 2020.
For EU data subjects, and relevant supervisory authorities, with questions or concerns please contact our EU representative lead person Marie Payraudeau, email@example.com, +33 (0) 6 45 50 29 98