Supplemental European Economic Area and United Kingdom Privacy Statement
This Privacy Statement is addressed to you only if you are located in the European Economic Area (EEA) or United Kingdom (UK) and you use any websites, mobile applications or newsletters that we, MedInvite, operate (“Services”). If you are located in the EEA, the EU General Data Protection Regulation applies to the processing of your personal data. If you are located in the UK, the UK General Data Protection Regulation applies to the processing of your personal data. References to the “GDPR” are references to the General Data Protection Regulation as it applies in the country where you are located. Please also refer to the Privacy Policy that applies to the Service that you are using for additional information about what categories of personal data we collect, the purposes for which we process it, and the types of third parties to whom we disclose the personal data. Unless the Service you are using prominently displays its own Privacy Policy, the MedInvite Privacy Policy applies to the Service.
1. Data Controller.
Doctor's Guide Publishing Limited, 1, rue Hildegard von Bingen, L-1282 Luxembourg, Luxembourg is the controller of your personal data. “We” in this document refers to this entity. Our data protection officer’s name and contact details are as follows: Dr. Sebastian Kraska, Marienplatz 2, 80331 Munich, Germany; email@iitr.de. Our UK GDPR-specific representative contact details are as follows: Rickerts Services Ltd UK, PO Box 1487, Peterborough, PE1 9XX, United Kingdom; art-27-representative@rickert-services.uk.
2. Legal Bases for Processing Personal Data.
We rely on the following legal bases to process your personal data, as appropriate:
- The processing is necessary for us to perform a contract with you or take steps at your request prior to entering into a contract with you per Article 6(1)(b) of the GDPR (“Contract Performance Legal Basis”);
- The processing is necessary for us to comply with an applicable legal obligation per Article 6(1)(c) of the GDPR (“Obligations Legal Basis ”);
- The processing is necessary for us or others to realize legitimate interests and such interests are not overridden by your rights or fundamental rights and freedoms which require protection of personal data, per Article 6(1)(f) of the GDPR (“Interest Legal Basis”); or
- According to your consent per Article 6(1)(a) of the GDPR (“Consent Legal Basis”). In these cases, you may withdraw such consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal
More information is provided below. For additional details regarding the lawful bases that we rely on to process your personal data specifically, please contact us using the contact details at the end of this Privacy Statement.
3. Personal Data Transfers Outside of the EEA or UK.
Some recipients of your personal data are located in Canada and Ireland. In this case, the transfer is thereby recognized as providing an adequate level of data protection from an EEA and UK data protection law perspective (pursuant to Article 45 of the GDPR).
Some recipients of your personal data are located in the U.S. and Mexico. By entering into appropriate data transfer agreements based on the Standard Contractual Clauses approved by the authorities of your jurisdiction, we have established that such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer is subject to appropriate onward transfer requirements as required by the applicable contract or law.
You can ask for a copy of such appropriate data transfer agreements by contacting us as set out at the bottom of this notice.
4. Data Retention.
We will delete, erase or anonymize your personal data within one month after your personal data is no longer necessary for us to provide you with any information or services you have requested, pursue any of the legitimate interests specified herein where the legitimate interest is not overridden by your interests or fundamental rights and freedoms, comply with any legal obligations to which we are subject, or defend any legal claim against us or support any legal claim made by us, including any potential appeal.
5. Data Subject Rights.
- Right to withdraw your consent: If you have declared your consent regarding certain types of processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
- Right of access: Under Article 15 of the GDPR, you have the right to obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to the personal data. The access information includes, among other things, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. You have the right to obtain a copy of the personal data undergoing processing.
- Right to rectification: Under Article 16 of the GDPR, you have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure: You have the right to ask us to erase your personal data where one of the grounds set forth in Article 17 of the GDPR applies, including where the personal data is no longer necessary in relation to the purposes for which we collected or otherwise process it.
- Right to restriction of processing: You have the right to request restriction of processing of your personal data where one of the grounds in Article 18 of the GDPR applies, in which case, it would be marked and processed by us only for certain purposes.
- Right to data portability: Under Article 20 of the GDPR, you have the right to receive your personal data which you have provided to us in a structured, commonly used, and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us, in accordance with Article 21 of the GDPR. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us.
- Right to submit complaints: You have a right to lodge a complaint with a supervisory authority.
Please note that these rights may be limited under the applicable national data protection law. To exercise your rights please contact us as stated below.
6. Your Choices.
You are not required to provide any personal data to us, but if you do not provide us with the personal data that we request from you, you may not be able to use or receive the Services. You can use the Services without consenting to cookies that are not strictly necessary; the only consequence is that the Services will be less tailored to you.
7. Contact Us.
For more information or to exercise your rights as described herein, please contact us at privacy@medinvite.com.