1. Who we are
April 19th, 2024
In this Privacy Policy, “we“, “us” and “our” means Medisoft Limited, based at Jubilee House, 33 Park Place, Leeds LS1 2RY company registered number 3318478. Our registration number with the Information Commissioner’s Office is Z1829699.
Our legal status under applicable data protection law is that of a “data controller” (meaning that we decide the purposes for which and the ways in which your personal information is collected and used) and in this capacity we will securely store and process your personal information.
2. About this policy
We take the protection of your privacy seriously.
When we record and use your personal information we:
- only access it when we have a good reason
- only share what is necessary and relevant
- don’t sell it to anyone
This Privacy Notice explains what happens with any personal data we gather from you in relation to:
- your use of this website;
- your use of one of our software products or associated services;
- any customer service or other enquiries you submit to us.
We recognise our obligations under data protection legislation and we are committed to keeping your personal data safe and secure.
You should read this Privacy Notice so that you understand how we will handle your personal data.
Our aim is to only use and hold your personal data in ways that you would reasonably expect us to.
3. The Data We Collect
Personal data you give to us.
We will use this information:
- to provide you with the information, products and services that you request from us;
- to provide you with information about other products and services we offer that are similar to those that you have already purchased or enquired about;
- to provide you with information about products and services we feel may interest you;
- to ensure that content from our website is presented in the most effective manner for you and for your computer.
- To deliver the services required of us under a contract with you or your employer
Personal data we collect about you.
We will use this information:
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our website safe and secure;
- to measure or understand the effectiveness of marketing efforts we serve to you and others, and to deliver relevant advertising to you;
The types of personal data we may collect, use, store and transfer in relation to you may consist of the following:
Data Subject | Types of Personal Data |
Website visitor/user | IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of request (concrete page), access status/http status code, amount of data transferred with each request, the requesting domain, browser, operating system and its surface, language and version of browser software. |
Job applicants | Title, first name, last name, email address and telephone number, application documents |
A user of our software (e.g. a member of staff within a hospital) | Name, address, job title, e-mail, telephone number |
A patient or a Licensee of our software | Name, patient ID, date of birth, contact details, gender, data concerning health, genetic or biometric data, racial or ethnic origin, religious or philosophical beliefs |
Individual making enquiries / seeking customer service assistance (e.g. support in relation to our software) | Name, address, e-mail, telephone number |
Newsletter subscriber | Name, e-mail, organisation, job title |
When visiting our website for informational purposes only, without transmitting information to us, we only collect the personal data that your browser transmits to our server.
This data is technically necessary for us to display the website to you and to ensure stability and security.
4. How We Use Your Data
We will usually only process your personal data where:
- the processing is necessary to comply with our legal obligations;
- the processing is necessary for our legitimate interests or the legitimate interests of third parties.
The table below provides examples of the various ways in which we may use your personal data and which of the legal reasons we rely on when processing your personal data.
Data subject | Purpose of Processing | Legal Reason for Processing |
Website visitor / user | To assist or improve the individual’s use of the website | Legitimate Interests |
Job applicants | To process the job application | Consent |
A user of our software | To provide our software for use by the Licensee/user; to administer and enforce the terms of our software licensee | Contract Legitimate Interests |
A patient or Licensee of our software | To process their data when input to one of our software products and deliver associated support, implementation and data reporting services | Legitimate Interests |
Individual making enquiries / seeking customer service assistance (e.g. support in connection with our software) | Providing details of our services / products; assisting with support issues relating to our software | Legitimate Interests |
Newsletter Subscriber | To provide the newsletter | Consent |
Where the legal reason for processing is the performance of a contract with you, if you do not provide relevant personal data we will not be able to fulfil our contractual obligation(s) to you and this may have a detrimental impact on you.
We do not conduct automated decision making (including profiling) in connection with your personal data.
If you have any questions about the contents of the above table (for example, if you would like to understand what our “legitimate interests” are for any specific processing activity) please contact our Data Protection Representative.
5. Data Sharing and Transfers
We share your data with the following categories of companies as an essential part of being able to provide our services to you:
We may disclose personal data to third parties in certain circumstances including (but not limited to) the following:
- to fulfil the purposes for which you provided your data;
- our professional advisers, including lawyers, accountants and auditors;
- regulatory or government bodies such as NHS England, the Department of Health and Social Care, the HSSIB and MHRA to resolve complaints or disputes both internally and externally or to comply with any investigation of those bodies;
- if we sell or buy any business or assets, in which case we may disclose personal data regarding you to the prospective seller or buyer of such business or assets;
- if we are under a duty to disclose or share personal data regarding you in order to comply with any legal or regulatory obligation or request, or in order to enforce or apply our terms of use or to protect the rights, property, or safety of Us, our customers, or others;
- save for data relating to patients or Licensees of our software, third parties to whom we outsource services such as data hosting, analytics, marketing and Site development and maintenance;
- save for data relating to patients or Licensees of our software, to business partners, suppliers and sub-contractors for the performance of any services we may provide for you or any interactions we may have with you as part of your use of the website, including the running and hosting of the website; and/or
- save for data relating to patients or Licensees of our software, to our ultimate holding company, Heidelberg Engineering GmbH
If your personal data is provided to any third parties you are entitled to request details of the recipients of your personal data or the categories of recipients of your personal data.
We carry out due diligence on our service providers / other third parties and make sure we have a contract with them which satisfies the requirements of data protection legislation.
Apart from the situations referred to above, we will not disclose your personal data to a third party without your consent unless we are satisfied that they are legally entitled to access your personal data.
Transferring your data outside the European Economic Area (EEA)
We will not transfer your personal data outside the EEA unless such transfer is compliant with data protection legislation.
This means that we cannot transfer any of your personal data outside the EEA unless:
- the EU Commission has decided that another country or international organisation ensures an adequate level of protection for your personal data;
- the transfer of your personal data is subject to appropriate safeguards, meaning we conclude the EU Standard Contractual Clauses (SCCs) to ensure that your data is protected to standards that reflect those required by the EU GDPR. This means the data importer in the third country commits to adhering to data protection obligations equivalent to those in the EU.
- an exception applies (including if you explicitly consent to the proposed transfer).
If you would like to know more about the third-parties we may share personal data with, or how to find out more on how they will use your data, please contact us at the details below.
6. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of
your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data can be requested from our Data Protection Representative.
If you want us to delete your data, please contact us at the details below.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
7. Cookies and Tracking Technologies
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your terminal device, assigned to the browser you are using, and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective.
This website uses the following types of cookies, the scope and function of which are explained below:
Transient cookies
Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies
Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.
If you disable all cookies you:
- won’t be able to have your preferences remembered, like what country you live in
- won’t be able to fill in forms on our website
- might not be able to see content on our website
- won’t be able to log in
Depending on their function and purpose, cookies can be divided into the following categories:
Essential Cookies
Essential cookies are required to be able to use the navigation and basic functions of the website.
Marketing Cookies
Marketing cookies are used for the targeted, user-relevant presentation of content. This allows individual advertising to be controlled.
Analytics Cookies
Analytics Cookies enable us to count visits and traffic sources to analyse and improve our websites performance.
Functional Cookies
Functional cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we utilize on our pages. If you do not allow these cookies, some or all of these services may not function properly.
When you access our website, you will be informed about the use of cookies and your consent to the processing of personal data used in this context will be obtained.
You can edit your cookie preferences my clicking on the fingerprint icon in the bottom left corner.
Turning cookies off
Browsers allow you to change your settings to prevent cookies from being used if you wish. Doing this will mean you will be unable to log in to this website or use some of its functionality. Use the links below to find out how to do this for the most common browsers.
The table below explains the cookies we use and why.
Cookie | Name | Purpose |
Google Analytics | __utma | This cookie is used to record the time and date of the first visit, the total number of visits and the start time of the current visit. |
__utmb | This cookie is used to track the time of the visit. | |
__utmc | This is used to store the time of the visit. | |
__utmt | This is used to throttle the request rate. | |
__utmz | This cookie is used to record where the visitor came from. | |
_ga | This cookie is used to distinguish between users. | |
_gat | This is used to read and filter requests from bots. | |
_gid | This cookie is used to identify the user. | |
CONSENT | This is used to store the consent choices of the user. | |
FPID | This is used to store a value used for setting the Client ID in the request to Google’s servers. | |
FPLC | This is used to register a unique ID that is used to generate statistical data about how the visitor uses the website | |
IDE | This is used to show personalised ads. | |
Usercentrics | uc_settings and/or ucString | This holds the ControllerID and SettingsID, the language, settings version and services with their consent history. |
uc_ui_version | This key states the UI version used by the clients | |
uc_user_country | This is used to recognize the location of the user and show the correct version of the CMP. | |
uc_user_interaction | This is used to signal whether a user has already given consent. | |
ucData (optional) | This holds information about the Google Consent Mode. | |
Youtube | __sak | This is used to store information about the visitor’s video preferences. |
_Secure-YEC | This is used to store the user’s video player preferences using embedded YouTube videos. | |
CGIC | This is used to provide search results by auto-completing search queries based on a user’s initial input. | |
CONSENT | This is used to detect if the visitor has accepted the marketing category in the cookie banner. | |
DEVICE_INFO | This is used to track user’s interaction with embedded content. | |
LAST_RESULT_ENTRY_KEY | This is used to save the user settings when retrieving a Youtube video integrated on other web pages. | |
pm_sess | This is used to maintain your browsing session. | |
PREF | This is used to store information such as your preferred page configuration and playback settings such as explicit autoplay options, random mix, and player size. | |
remote_sid | This is used for the implementation and functionality of YouTube video content on the website. | |
test_cookie | This is a test for cookie setting permissions in user’s browser. | |
UULE | This is used to determine the users geographic location. | |
VISITOR_INFO1_LIVE | This is used to measure the users bandwidth to determine whether they get the new or old player interface. | |
YEC | This is used to store the user’s video player preferences using embedded YouTube video. | |
YSC | This is set by the YouTube video service on pages with embedded YouTube videos. | |
yt-player-bandaid-host, yt-player-bandwidth, yt-player-headers-readable | This is used to determine the optimal video quality based on the visitor’s device and network settings. | |
yt-remote-cast-installed, yt-remote-connected-devices, yt-remote-device-id, yt-remote-fast-check-period, yt-remote-session-app, yt-remote-session-name | This is used to store the user’s video player preferences using embedded YouTube video. |
8. Links
Our website may contain links to other websites over which we have no control. We are not responsible for privacy policies or practices of other websites to which you choose to link from our Site. We encourage you to review the privacy policies of those other web sites so you can understand how they collect, use and share your personal information.
9. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The information you provide to us is stored on our secure servers, or those secure servers of our third-party service providers. We have comprehensive measures in place to protect your personal data, this includes both physical and electronic security measures. Examples include the use of passwords, locked storage cabinets and secured storage rooms. Other features include:
- storing information on secured networks consistent with industry standards, which are only accessible by those employees who have special access rights to such systems;
- using industry-standard encryption technologies when transferring or receiving personal data;
- restrictions are placed on the electronic transfer of files; and
- our IT networks undergo necessary vulnerability testing to continually identify and remediate potential opportunities for unauthorised data access.
We takes steps to destroy or de-identify personal data when the information is no longer required for any purpose for which it may be used or disclosed by us and we are no longer required by law to retain the information.
- Your Rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
If you want to exercise your rights, have a complaint, or just have questions, please contact us. As a starting point, we have one month in which to respond to you. Our contact details are at the end of this privacy notice.
- Changes to the Privacy Policy
We reserve the right to amend this Privacy Notice from time to time. If we amend this Privacy Notice we will make you aware of this via updates posted on our website. This Policy was last updated 1st April 2024.
- Complaints
If you have any concerns about our use of your personal information, you can make a complaint to our Data Protection Representative dpo@medisoft.co.uk.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk