- Controller – The person or entity which alone or with others determines the purposes or means of processing Personal Data.
- Cookies – Small files stored on your device (computer or mobile device) to recognise your device and store some information about your account.
- Personal Data – Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
- Processor – Any person or legal entity who processes Personal Data on behalf of the Controller.
- Special Category Data – Sensitive Personal Data given special consideration in data protection law including Personal Data about your health.
- Usage Data – Data collected automatically either generated by the use of the Service or from the Service infrastructure itself about how you use our website, products and services (for example, the duration of a page visit).
Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you.
Types of Data Collected
Personal Data you provide to us
While using our Service, we may ask you to provide us with certain Personal Data. This may include, but is not limited to:
- Identity Data – includes first name, last name, username or similar identifier
- Marketing and Communications Data – includes your preferences in receiving marketing from us and our third parties and your communication preferences
- Health Data – as set out in the section “Health Personal Information (Special Category Data)” below
DataSome of the Personal Data that you provide to us are required for you to create a profile on the Service and to comply with the Terms & Conditions. We will tell you if the provision of any Personal Data is necessary for the use of the Service or for us to comply with our legal obligations.
We may also collect Usage Data whenever you visit our Service or when you access the Service by or through a mobile device. Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you access the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, anonymous unique user identifiers and other diagnostic data.
Tracking & Cookies Data
- Session Cookies. We use Session Cookies to operate our Service.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Analytics. We’d like to set use Analytics Cookies to help us to improve our Service by collecting and reporting information on how you use it.
- Security Cookies. We use Security Cookies for security purposes.
Use of Data and Lawful Grounds for Processing
Medsearch CRTM uses the collected data for various purposes and lawful bases:
- To register your profile and give you access to the Service
- To provide and maintain the Service
- To notify you about changes to our Service
Our lawful basis for the activities above is either: (a) where we have a contract with you (or one is in prospect), the processing is necessary for the performance of our contract with you or it is necessary to take steps at your request prior to entering into a contract; or (b) in all other cases, the pursuit of our legitimate interests of operating and expanding our business activities lawfully, running our business and for the purpose of the collaboration we have with our clients.
- To allow you to participate in interactive features of our Service when you choose to do so
- To provide customer care and support
- To provide analysis or valuable information so that we can improve the Service
Our lawful basis for the activities above is the pursuit of our legitimate interests of developing our platform and our Service, growing and developing our business, to inform our marketing strategy and to keep our Service updated.
- To monitor the usage of the Service
- To detect, prevent and address technical issues
Our lawful basis for the activities above is the pursuit of our legitimate interests of operating and expanding our business activities lawfully or running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, and in all other circumstances, necessity to comply with our legal obligations.
- To generate anonymised aggregate reports regarding use of medicine and health conditions, which we may share with our commercial partners
- To generate anonymised aggregate reports on adverse drug events for health authorities e.g. FDA and MHRA or relevant pharmaceuticals in interest of public safety
- To support medical research, patients may choose to receive relevant medical news and information on current drug trials and studies
Our lawful basis for the activities above is the pursuit of our legitimate interests of developing our platform and our Service, pursuing the objectives of our business and promoting safe use of medications and to facilitate reporting of side effects to health care practitioners and to regulatory authorities, and because such processing is necessary and proportionate for pursuing scientific research using suitable safeguarding measures to protect your rights and interests.
- To audit and verify information within the anonymised aggregate report on adverse drug events for health authorities
Our lawful basis for the activity above is the pursuit of our legitimate interests of promoting safe use of medications and to facilitate reporting of side effects to health care practitioners and to regulatory authorities, and because such processing is necessary and proportionate for pursuing scientific research using suitable safeguarding measures to protect your rights and interests.
Health Personal Information (Special Category Data)
Disclosure of Data
Transfer of data to third parties and international transfers
Your Personal Data may be seen or used by our staff in the course of their duties or others lawfully working with us in the ordinary course of our business.
We may need to share your Personal Data with relevant third parties such as external service providers (including our Processor who hosts the platform), professional advisors, regulators and other authorities, or where you ask us to share your data.
We will only share Personal Data relating to your health with third parties in limited circumstances or with your consent (unless required to do so by law). These circumstances include where relevant health authorities need to verify or audit individual adverse drug reports generated through the Service for public health and drug monitoring (pharmacovigilance) activities (“Report Verification”). The relevant health authority or academic agency will be bound by strict confidential legal requirements, and the information will only be shared to verify data from the anonymous research reports. Other than those limited circumstances, any information that is used for research purposes through the Service or shared with third parties will be anonymised before it is shared with any third parties.
If you are located outside the United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United Kingdom and process it there. We will only transfer health related Personal Data outside the country you access the Service or the United Kingdom for the limited purpose of Report Verifications. Countries that your health related Personal Data may be transferred to for the purpose of a Report Verification include (but are not limited to) the United States, Canada and Japan, and the transfer will always take place in accordance with data protection law and will be subject to appropriate safeguards to ensure its security.
We may disclose your Personal Data such action is necessary to:
- Comply with a legal obligation protect and defend the rights or property of Medsearch Health Companion TM
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of users of the Service or the public
- Protect against legal liability
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
For Personal Data regarding your health, this will be retained for 10 years from the date that you provide us with that data. This is to comply with health authorities requirements for auditing the anonymised research information made from the Service. After 10 years your health related Personal Data will be anonymised (so that it can no longer be associated with you) and will continue to be used for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Security of Data
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
We limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
Links to Other Sites
Our Service does not address anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.
Whenever we rely on your consent to process your Personal Data, you have the right to withdraw your consent at any time. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You also have specific rights under data protection law to:
- request a copy of Personal Data we hold about you and check that we are lawfully processing it (commonly known as a “data subject access request”;
- ask us to correct Personal Data that we hold about you, though we may need to verify the accuracy of the new data that you provide to us;
- ask us to erase Personal Data we hold about you, subject to limitation for specific legal reasons (such as retention periods required by law) which will be notified to you, if applicable, at the time of your request;
- object to our processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes;
- ask us to restrict our processing of your Personal Data if you want us to suspend the processing of your Personal Data; and
- ask us to transfer the Personal Data you gave us from one organisation to another, or give it to you. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Please contact us using the details below if you would like to exercise any of these rights.
If you have any complaints about how we process your Personal Data, in addition to contacting us you may lodge a complaint at any time with the relevant supervisory authority from your country (which in the UK is the Information Commissioners Office). We would, however, welcome the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance.
Medsearch CRTM is a registered trademark of Medsearch UK Limited
Copyright © 2020, MSUK, All Rights Reserved