(“Mediplasty”, “we”, “us” or “our”) is committed to protecting the privacy of our clients and users of our website. We want to provide a safe and secure user experience. We will ensure that the information you submit to us, or which we collect, via various channels (including our website or through written correspondence (including e-mail) is only used for the purposes set out in this policy.

Through this Privacy Policy, we aim to inform you about the types of personal data we collect from users, the purposes for which we use the data and the ways in which the data is handled.  We also aim to satisfy the obligation of transparency under the EU General Data Protection Regulation 2016/679 (“GDPR“) and national laws implementing GDPR.

For the purpose of this Privacy Policy, the controller of personal data is Mediplasty and our contact details are set out in the Contact section at the end of this Privacy Policy.

1- The Information we collect
In some areas of our website (“the Site”), we ask you to register and thereby provide personal information. When you do so, we ask you to give us your name, email address, company, phone number and other personal information for the purpose of supplying the Services to you.

 2- The Legal Basis for Processing your Personal Information
Under GDPR, the main grounds that we rely upon in order to process personal information of our users are the following:

(a) Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing a service to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data.

(b) Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your personal data for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimizing our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner.

(c) Consent – in some circumstances, we may ask for your consent to process your personal data in a particular way.

3- How we use your Personal Information
The information you provide will be kept confidential. We will hold, use and disclose your personal information for our legitimate business purposes including:

  1. to identify you and authenticate your use when you visit the Site;
  2.  to provide you with newsletters, special offers, information of relevant content or features of the Site to help you make the most of our services and for related marketing purposes. We will only do so if you have submitted your contact details to us for these purposes or otherwise provided your consent;
  3.  to notify you about changes to our service and/or the Site;
  4.  to advise you of news and industry updates, events, promotions and competitions;
  5.  to fulfil contractual obligations with our clients;
  6.  to provide further services to you by sharing your personal information with other companies and third parties. Further details about this are set out in the separate section below on Sharing your Personal Information; and
  7. to release personal information to regulatory or law enforcement agencies, if we are required or permitted to do so. On each occasion that we send you a newsletter or marketing information, you will be given the choice to opt-out.

4- How we share your Personal Information
In certain circumstances, we will share your personal information with other parties. Details of those parties are set out below along with the reasons for sharing it.

Trusted Third Parties
We will only share your personal information with trusted third parties where we have retained them to provide services that you have requested or for our legitimate business purposes, such as IT, professional support services, travel partners (transfer, accommodation, vehicle hire) and the clinics, medical practitioners, hospitals and other service providers.

Transfer of Information outside the EEA
Under the General Data Protection Regulation, we are required to tell you if we transfer or intend to transfer information which we hold on you to countries outside the European Economic Area (“EEA”). We do currently transfer personal data to our partners outside of the EEA in order to make the necessary travel/logistical arrangements and to book appointments in your name. Our trusted partners, whether they are within the EEA or outside, are not authorized by us and will not share any personal data with another party unless required by domestic law of the country they are in.

New business owners
If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisors. If this happens, we will notify you of such event.

Regulatory and Law Enforcement Agencies
If we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies. 

5- How long we will hold your information
We will retain your personal information for the time necessary to provide the Services we perform for you or stated by the purposes outlined in this Privacy Policy.
In particular, we will store certain categories of your personal information for the following periods of time: Prospect data - 6 years, Client data - 2 years after commercial relationship ceases. 

6- Use of cookies and tracking technology
We use cookies (defined below) for collecting user information from the Site. Cookies are messages given to a web browser by a web server. The message is then stored by the browser in a text file called cookie.txt. Each time the browser requests a page from the server, this message is sent back. A cookie’s main objective is to identify users and personalize their visit by customizing web pages for them, for example by welcoming them by name next time they visit the same site.
We use cookies and tracking to understand how users use and behave on the Site. If you have provided personal information to us to access the subscriber Site or via a website form then your usage can be traced to you personally. We use the data we collect to monitor the effectiveness and performance of the Site and to improve the Services we provide, and to provide relevant content.
We only track users’ behavior on our Site and we do not have access to your behavior on other websites other than in relation to how you were referred to the Site (e.g. through another site or a search term). More information regarding our use of cookies can be found in our cookie policy
7- Security
We respect your information and have put in place measures to ensure the security of the information we collect and store about you. We are committed to protecting your personal data from unauthorized disclosure and/or access including through the use of network and database security measures (though these cannot always guarantee the security of any data which is collected and stored).
8- Your rights on the information we hold about you
You have certain rights in relation to the personal information we hold about you. Details of these rights and how to exercise them are set out below.  We will require evidence of your identity before we are able to act on your request.
To the extent that we are processing your personal information based on your consent, you have the right to withdraw your consent at any time.

Right of Access
You have the right at any time to ask us for a copy of the personal information about you that we hold.  Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.

Right of Correction or Completion
If the personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed.  You can let us know by contacting us using the contact details below.

Right of Erasure
In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.

Right to object to or restrict processing
In certain circumstances, you have the right to object to our processing of your personal information by contacting us.  For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your personal information for direct marketing purposes.
You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.

Right of Data Portability
In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.
You can ask us to transmit that information to you or directly to a third-party organization.
The above right exists only in respect of personal information that:
you have provided to us previously; and is processed by us using automated means.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third-party organization’s systems. We are also unable to comply with requests that relate to personal information of others without their consent.
You can exercise any of the above rights by contacting us using any of the methods in the Contact section below.
Most of the above rights are subject to limitations and exceptions.  We will provide reasons if we are unable to comply with any request for the exercise of your rights.
You can do this by using the details in the Contact Us section below. 

9- Changes to our Privacy Policy
This privacy policy can be changed by Mediplasty at any time. If we change our privacy policy in the future, we will advise you of material changes or updates to our privacy policy by email.