Last Updated: 06 July 2018
By clicking the "Accept" box where indicated, submitting your personal data to us, and using the services you are accepting the practices described in this Policy.
The term "personal data" as used in this Policy shall mean any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to you. Personal data includes special categories of personal data such as data concerning health and pseudonymised personal data, but excludes anonymous data or information that has had the identity of an individual permanently removed.
The Website is operated by MDX Healthcare Limited (company number 07818365, whose registered office is at 3rd Floor, The Heights 59-65 Lowlands Road, Harrow, Middlesex, HA1 3AW). Throughout this Policy, "MDX" "we", "us" and "our" refer to MDX Healthcare Limited. For the purposes of the applicable data protection legislation, MDX Healthcare Limited is the “data controller” and responsible for your personal data.
We have appointed a data protection officer ("DPO") who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
If you have any questions about this Policy or our privacy practices, please contact our DPO in the following ways:
84 High Street
You have the right to make a complaint at any time to the Information Commissioner's Office ("ICO"), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
PERSONAL DATA WE COLLECT
We may collect and process the following personal data about you:
Personal Data You Provide To Us
You may provide us with personal data by answering questions or filling in forms on our Website or by corresponding with us by e-mail or otherwise. This includes information you provide when you purchase products from us, reply to an email, enter a competition, promotion or survey or when you report a problem with our Website.
The personal data you provides:
- E-mail Address
- Phone Number
- Financial Information (such as credit or debit card information)
If you are purchasing a licenced medicine, we will ask you to provide special categories of personal data such as data concerning your health and medical history. We will retain such data as well as records about the licenced medicine we have dispensed to you in line with our legal obligations.
We will never collect sensitive personal data about you without your explicit consent. The information we hold will be accurate and up to date.
Information We Collect About You
When you visit our Website our web servers automatically collect technical information about your computer or device, including your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
We also collect information about your visit and how you use our Website, including pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), your browsing history, methods used to browse away from the page, and any phone number used to call our customer service number.
This information may be aggregated to measure the number of visits, average time spent on our Website, pages viewed, etc. We use this information to measure the use of our Website and to improve the content we offer. We may share anonymised use information or other data with third parties on an aggregated basis without the use of any information that personally identifies you.
This information will be combined with other information you provide to us, as described above. We will use this information and the combined personal data for purposes set out in this Policy (depending on the types of information we receive).
Personal Data We Receive From Other Sources
We work closely with third parties (including, for example, business partners, service providers, advertising networks, analytics providers, and search information providers) and may receive information, including personal data, about you from them. This may be combined with other information you provide to us, as described above.
USE OF PERSONAL DATA
We will only process your personal data in accordance with this Policy and the applicable law.
We will process your personal data for the following purposes as is necessary for the performance of a contract between you and us, or to answer questions or take steps at your request prior to entering into a contact:
- To create and maintain your customer account, if you become a registered customer;
- To handle and fulfil your orders, if you order products from us. This may also include processing of personal data that we receive from third parties, for example, address data to verify your correct address;
- To notify you about changes to our services, and to send you service emails relating to the activities you have asked us to undertake on your behalf; and
- To administer any promotion or competition, that you enter via our Website or via email communication.
We will process your personal data for the following purposes as necessary for certain legitimate interests, or where you have given your informed consent to such processing as required by applicable law (such consent can be withdrawn at any time):
- To offer our services to you in a personalised way, for example, we may provide suggestions based on your previous requests to enable you to identify suitable products and services more quickly. This may also include, where legally permitted, processing data related to your location;
- To allow you to participate in interactive features of our services, when you choose to do so;
- To send you personalised marketing communications, in order to keep you informed of our and our selected partner’s products and services, which we consider may be of interest to you;
- To provide you, or allowing selected third parties to provide you, with information about products or services, that may interest you; and
To serve personalised advertising to your devices, delivering ads based on your interests ascertained from your past requests,
visits of subpages and purchases on our Website, and other data obtained through the use of “cookies” placed on your devices.
We will process your sensitive personal data for the following purposes where you have given your explicit consent to such processing as required by applicable law (such consent can be withdrawn at any time):
- To handle and fulfil your orders, if you order products from us. For example, we will process your medical history to assess whether you are suitable to receive the medication that you have requested and to fulfil your order.
We will process your personal data for the following purposes as necessary in our legitimate business interests, (provided such interests are not overridden by your interests or fundamental rights:
- To resolve any disputes, if you lawfully exercise your rights or if you wish to dispute any part of our service offering;
- To ensure the security of your account and our business, preventing or detecting fraud or abuses of our Website, for example, by requesting verification information in order to reset your account password (if applicable);
- To develop and improve our products and services, for example, by reviewing visits to our Website and its various subpages, demand for specific products and services and user comments;
- To administer our Website and for internal business administration and operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- As part of our efforts to keep our Website safe and secure, and
- To comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
We may process your personal data in order to protect your vital interests or the vital interests of another person, including (without limitation) if we have significant concerns about your health and/or wellbeing.
DISCLOSURE OF PERSONAL DATA
There are circumstances where we wish to disclose or are compelled to disclose your personal data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above.
We will disclose your personal data to:
- Our subsidiaries, branches or associated offices;
- Our outsourced service providers or suppliers to facilitate the provision of our products to you, for example, service providers who host and administer our Website, assess the validity of your order and prescriptions, process your order and payment, provide customer services and respond to your enquiries on our behalf, and handle the fulfilment and delivery of our products;
- Independent physicians who will review your prescriptions and medical history in order to process your order;
- Our data centre provider (based in Hong Kong) and web hosting provider (based in Ireland) and to identity verification partners in order to verify your identity against public databases;
- Our advertising partners who enable us to deliver personalised ads to your devices or similar advertising where you have given your consent if required by the applicable law;
- Subject to your consent, to our marketing partners, who may contact you by post, email, telephone, SMS or by other means. If you do not wish to be contacted, you may unsubscribe by notifying us at [email protected] or by clicking “unsubscribe” in the message concerned;
- Analytics and search engine providers that assist us in the improvement and optimisation of our Website. Your personal data is generally shared in a form that does not directly identify you;
- Third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
- Healthcare professionals, social services or emergency services in certain situations, including (without limitation): where we believe that you are, or someone else is, at risk of neglect, sexual physical or emotional abuse; a serious crime has occurred or may occur, or where it is considered that someone may be at risk of significant harm or serious addiction as a result of the information we receive; if we have significant concerns about your health and/or wellbeing; or where this is otherwise required by law;
- Another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Policy;
- Public authorities where we are required by law to do so;
- If required, in order to receive legal advice; and
- Any other third party where you have provided your consent.
INTERNATIONAL TRANSFER OF PERSONAL DATA
We will transfer your personal data to our affiliates and third party service providers in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. In particular, your personal data will be transferred outside of the European Economic Area (EEA) and stored, or processed in other countries (including Hong Kong and Canada), as part of our business operations.
Customer service representatives based in the Philippines and Mauritius may access your personal data to provide services and respond to your enquiries.
In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means.
Where we share personal data with a third party located in a non-EU jurisdiction that has not received an adequacy decision by the European Commission, we rely on appropriate safeguards, such as the European Commission-approved Standard Contractual Clauses and EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, to transfer the data.
Please contact us for a copy of the safeguards which we have put in place to protect your personal data and privacy rights in these circumstances.
RETENTION OF PERSONAL DATA
Your personal data will be retained until your last use of our services and normally for a period of three years thereafter, unless longer retention is required by applicable local law or where we have a legitimate and lawful purpose to do so. However, we will not retain beyond this period any of your personal data that is no longer required for the purposes set out in this Policy. The retention of your personal data will be subject to periodic review.
We may keep an anonymised form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
Please contact us at [email protected] if you would further details about our data retention periods.
DATA SUBJECT RIGHTS
In certain circumstances, you have the following rights under the data protection law in relation to your personal data:
- Request access to your personal data. You may have the right to request access to any personal data we hold about you as well as related information, including the purposes for processing the personal data, the recipients or categories of recipients with whom the personal data has been shared, where possible, the period for which the personal data will be stored, the source of the personal data, and the existence of any automated decision making.
- Request correction of your personal data. You may have the right to obtain without undue delay the rectification of any inaccurate personal data we hold about you.
- Request erasure of your personal data. You may have the right to request that personal data held about you is deleted.
- Request restriction of processing your personal data. You may have the right to prevent or restrict processing of your personal data.
- Request transfer of your personal data. You may have the right to request transfer of personal data directly to a third party where this is technically feasible
Where you believe that we have not complied with our obligation under this Policy or applicable data protection law, you have the right to make a complaint to a Data Protection Authority, such as the UK Information Commissioner’s Office.
The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates and other third parties. If you follow a link to any of these websites, please note that these websites may have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
CHANGES TO THIS POLICY
Any changes we make to our Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Policy.