Privacy Policy

1. Who we are

April 19th, 2024

 

In this Privacy Policy, “we“, “us” and “our” means Medisoft Limited, based at Jubilee House, 33 Park Place, Leeds LS1 2RY company registered number 3318478. Our registration number with the Information Commissioner’s Office is Z1829699.

Our legal status under applicable data protection law is that of a “data controller” (meaning that we decide the purposes for which and the ways in which your personal information is collected and used) and in this capacity we will securely store and process your personal information.

2. About this policy

We take the protection of your privacy seriously.

When we record and use your personal information we:

  • only access it when we have a good reason
  • only share what is necessary and relevant
  • don’t sell it to anyone

This Privacy Notice explains what happens with any personal data we gather from you in relation to:

  • your use of this website;
  • your use of one of our software products or associated services;
  • any customer service or other enquiries you submit to us.

We recognise our obligations under data protection legislation and we are committed to keeping your personal data safe and secure.

You should read this Privacy Notice so that you understand how we will handle your personal data.

Our aim is to only use and hold your personal data in ways that you would reasonably expect us to.

3. The Data We Collect

Personal data you give to us.

We will use this information:

  • to provide you with the information, products and services that you request from us;
  • to provide you with information about other products and services we offer that are similar to those that you have already purchased or enquired about;
  • to provide you with information about products and services we feel may interest you;
  • to ensure that content from our website is presented in the most effective manner for you and for your computer.
  • To deliver the services required of us under a contract with you or your employer

Personal data we collect about you.

We will use this information:

  • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
  • to allow you to participate in interactive features of our service, when you choose to do so;
  • as part of our efforts to keep our website safe and secure;
  • to measure or understand the effectiveness of marketing efforts we serve to you and others, and to deliver relevant advertising to you;

The types of personal data we may collect, use, store and transfer in relation to you may consist of the following:

Data SubjectTypes of Personal Data
Website visitor/userIP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of request (concrete page), access status/http status code, amount of data transferred with each request, the requesting domain, browser, operating system and its surface, language and version of browser software.
Job applicantsTitle, first name, last name, email address and telephone number, application documents
A user of our software (e.g. a member of staff within a hospital)Name, address, job title, e-mail, telephone number
A patient or a Licensee of our softwareName, patient ID, date of birth, contact details, gender, data concerning health, genetic or biometric data, racial or ethnic origin, religious or philosophical beliefs
Individual making enquiries / seeking customer service assistance (e.g. support in relation to our software)Name, address, e-mail, telephone number
Newsletter subscriberName, e-mail, organisation, job title

When visiting our website for informational purposes only, without transmitting information to us, we only collect the personal data that your browser transmits to our server.

This data is technically necessary for us to display the website to you and to ensure stability and security.

4. How We Use Your Data

We will usually only process your personal data where:

  • the processing is necessary to comply with our legal obligations;
  • the processing is necessary for our legitimate interests or the legitimate interests of third parties.

The table below provides examples of the various ways in which we may use your personal data and which of the legal reasons we rely on when processing your personal data.

Data subjectPurpose of ProcessingLegal Reason for Processing
Website visitor / userTo assist or improve the individual’s use of the websiteLegitimate Interests
Job applicantsTo process the job applicationConsent
A user of our softwareTo provide our software for use by the Licensee/user; to administer and enforce the terms of our software licensee

Contract

Legitimate Interests

A patient or Licensee of our softwareTo process their data when input to one of our software products and deliver associated support, implementation and data reporting servicesLegitimate Interests
Individual making enquiries / seeking customer service assistance (e.g. support in connection with our software)Providing details of our services / products; assisting with support issues relating to our softwareLegitimate Interests
Newsletter SubscriberTo provide the newsletterConsent

Where the legal reason for processing is the performance of a contract with you, if you do not provide relevant personal data we will not be able to fulfil our contractual obligation(s) to you and this may have a detrimental impact on you.

We do not conduct automated decision making (including profiling) in connection with your personal data.

If you have any questions about the contents of the above table (for example, if you would like to understand what our “legitimate interests” are for any specific processing activity) please contact our Data Protection Representative.

5. Data Sharing and Transfers

We share your data with the following categories of companies as an essential part of being able to provide our services to you:

We may disclose personal data to third parties in certain circumstances including (but not limited to) the following:

  • to fulfil the purposes for which you provided your data;
  • our professional advisers, including lawyers, accountants and auditors;
  • regulatory or government bodies such as NHS England, the Department of Health and Social Care, the HSSIB and MHRA to resolve complaints or disputes both internally and externally or to comply with any investigation of those bodies;
  • if we sell or buy any business or assets, in which case we may disclose personal data regarding you to the prospective seller or buyer of such business or assets;
  • if we are under a duty to disclose or share personal data regarding you in order to comply with any legal or regulatory obligation or request, or in order to enforce or apply our terms of use or to protect the rights, property, or safety of Us, our customers, or others;
  • save for data relating to patients or Licensees of our software, third parties to whom we outsource services such as data hosting, analytics, marketing and Site development and maintenance;
  • save for data relating to patients or Licensees of our software, to business partners, suppliers and sub-contractors for the performance of any services we may provide for you or any interactions we may have with you as part of your use of the website, including the running and hosting of the website; and/or
  • save for data relating to patients or Licensees of our software, to our ultimate holding company, Heidelberg Engineering GmbH

If your personal data is provided to any third parties you are entitled to request details of the recipients of your personal data or the categories of recipients of your personal data.

We carry out due diligence on our service providers / other third parties and make sure we have a contract with them which satisfies the requirements of data protection legislation.

Apart from the situations referred to above, we will not disclose your personal data to a third party without your consent unless we are satisfied that they are legally entitled to access your personal data.

Transferring your data outside the European Economic Area (EEA)

We will not transfer your personal data outside the EEA unless such transfer is compliant with data protection legislation.

This means that we cannot transfer any of your personal data outside the EEA unless:

  • the EU Commission has decided that another country or international organisation ensures an adequate level of protection for your personal data;
  • the transfer of your personal data is subject to appropriate safeguards, meaning we conclude the EU Standard Contractual Clauses (SCCs) to ensure that your data is protected to standards that reflect those required by the EU GDPR. This means the data importer in the third country commits to adhering to data protection obligations equivalent to those in the EU.
  • an exception applies (including if you explicitly consent to the proposed transfer).

If you would like to know more about the third-parties we may share personal data with, or how to find out more on how they will use your data, please contact us at the details below.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of
your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data can be requested from our Data Protection Representative.

If you want us to delete your data, please contact us at the details below.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

7. Cookies and Tracking Technologies

In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your terminal device, assigned to the browser you are using, and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective.

This website uses the following types of cookies, the scope and function of which are explained below:

Transient cookies
Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies
Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.

If you disable all cookies you:

  • won’t be able to have your preferences remembered, like what country you live in
  • won’t be able to fill in forms on our website
  • might not be able to see content on our website
  • won’t be able to log in

Depending on their function and purpose, cookies can be divided into the following categories:

Essential Cookies
Essential cookies are required to be able to use the navigation and basic functions of the website.

Marketing Cookies
Marketing cookies are used for the targeted, user-relevant presentation of content. This allows individual advertising to be controlled.

Analytics Cookies
Analytics Cookies enable us to count visits and traffic sources to analyse and improve our websites performance.

Functional Cookies
Functional cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we utilize on our pages. If you do not allow these cookies, some or all of these services may not function properly.

When you access our website, you will be informed about the use of cookies and your consent to the processing of personal data used in this context will be obtained.

You can edit your cookie preferences my clicking on the fingerprint icon in the bottom left corner.

Turning cookies off

Browsers allow you to change your settings to prevent cookies from being used if you wish. Doing this will mean you will be unable to log in to this website or use some of its functionality. Use the links below to find out how to do this for the most common browsers.

The table below explains the cookies we use and why.

CookieNamePurpose
Google Analytics
__utma
This cookie is used to record the time and date
of the first visit, the total number of visits and the start time of the
current visit.
 
__utmb
This cookie is used to track the time of the
visit.
 
__utmc
This is used to store the time of the visit.
 
__utmt
This is used to throttle the request rate.
 __utmzThis cookie is used to record
where the visitor came from.
 
_ga
This cookie is used to distinguish between users.
 
_gat
This is used to read and filter requests from
bots.
 
 
_gid
This cookie is used to identify the user.
 
 
CONSENT
This is used to store the consent choices of the
user.
 
 
FPID
This is used to store a value used for setting
the Client ID in the request to Google’s servers.
 
 
FPLC
This is used to register a unique ID that is used
to generate statistical data about how the visitor uses the website
 
 
IDE
This is used to show personalised ads.
   
Usercentrics
uc_settings and/or ucString
This holds the ControllerID and SettingsID, the
language, settings version and services with their consent history.
 uc_ui_versionThis key states the UI version
used by the clients
 uc_user_countryThis is used to recognize the
location of the user and show the correct version of the CMP.
 uc_user_interactionThis is used to signal whether a
user has already given consent.
 ucData (optional)This holds information about the
Google Consent Mode.
   
Youtube
__sak
This is used to store information about the
visitor’s video preferences.
 
_Secure-YEC
This is used to store the user’s video player
preferences using embedded YouTube videos.
 
CGIC
This is used to provide search results by
auto-completing search queries based on a user’s initial input.
 
CONSENT
This is used to detect if the visitor has
accepted the marketing category in the cookie banner.
 
DEVICE_INFO
This is used to track user’s interaction with
embedded content.
 
LAST_RESULT_ENTRY_KEY
This is used to save the user settings when
retrieving a Youtube video integrated on other web pages.
 
pm_sess
This is used to maintain your browsing session.
 
PREF
This is used to store information such as your
preferred page configuration and playback settings such as explicit autoplay
options, random mix, and player size.
 
remote_sid
This is used for the implementation and
functionality of YouTube video content on the website.
 
test_cookie
This is a test for cookie setting permissions in
user’s browser.
 
UULE
This is used to determine the users geographic
location.
 
VISITOR_INFO1_LIVE
This is used to measure the users bandwidth to
determine whether they get the new or old player interface.
 
YEC
This is used to store the user’s video player
preferences using embedded YouTube video.
 
YSC
This is set by the YouTube video service on pages
with embedded YouTube videos.
 
yt-player-bandaid-host, yt-player-bandwidth,
yt-player-headers-readable
This is used to determine the optimal video
quality based on the visitor’s device and network settings.
 
yt-remote-cast-installed,
yt-remote-connected-devices, yt-remote-device-id,
yt-remote-fast-check-period, yt-remote-session-app, yt-remote-session-name
This is used to store the user’s video player
preferences using embedded YouTube video.
 

8. Links

Our website may contain links to other websites over which we have no control. We are not responsible for privacy policies or practices of other websites to which you choose to link from our Site. We encourage you to review the privacy policies of those other web sites so you can understand how they collect, use and share your personal information.

9. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

The information you provide to us is stored on our secure servers, or those secure servers of our third-party service providers. We have comprehensive measures in place to protect your personal data, this includes both physical and electronic security measures. Examples include the use of passwords, locked storage cabinets and secured storage rooms. Other features include:

  • storing information on secured networks consistent with industry standards, which are only accessible by those employees who have special access rights to such systems;
  • using industry-standard encryption technologies when transferring or receiving personal data;
  • restrictions are placed on the electronic transfer of files; and
  • our IT networks undergo necessary vulnerability testing to continually identify and remediate potential opportunities for unauthorised data access.

We takes steps to destroy or de-identify personal data when the information is no longer required for any purpose for which it may be used or disclosed by us and we are no longer required by law to retain the information.

  • Your Rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

If you want to exercise your rights, have a complaint, or just have questions, please contact us. As a starting point, we have one month in which to respond to you. Our contact details are at the end of this privacy notice.

  • Changes to the Privacy Policy

We reserve the right to amend this Privacy Notice from time to time. If we amend this Privacy Notice we will make you aware of this via updates posted on our website. This Policy was last updated 1st April 2024.

  • Complaints

If you have any concerns about our use of your personal information, you can make a complaint to our Data Protection Representative dpo@medisoft.co.uk.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk