
Personal data privacy policy

1. Preamble

With the aim of ensuring compliance of its activities with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation), Mediion Technologies d.o.o. with principal offices at Zinke Kunc 9, 42000 Varaždin (the Company), as a company that continuously, in a timely manner and fully implements legal regulations in all areas of business, and especially in those that directly relate to the interests and satisfaction of users to whom the Company provides the service of using the MEDIION platform, adopts and hereby publishes this Privacy Policy.

In this Privacy Policy, the word user or you refers collectively to our users, representatives, potential users and users of MEDIION services. You become a user of MEDIION services when you register on the MEDIION platform and create a user account.

Our Privacy Policy defines, for instance, the categories of personal data we process, the way we process personal data and your exercise of rights as a data subject.

Some of our services may be subject to separate privacy policies. If separate privacy policies apply to an individual service, we will publish them in connection with that service.

This Privacy Policy may be updated from time to time in order to reflect changes in the way data is processed or in a different way. The current version can be found on the website. We will not make significant changes to this Privacy Policy or diminish users’ rights guaranteed by this Privacy Policy without prior notice.

2. Data controller

This Privacy Policy applies to the processing of personal data carried out by MEDIION Technologies d.o.o. (the Company).

Contact information:

Name: MEDIION Technologies d.o.o.

Correspondence address: Zinke Kunc 9, Varaždin

OIB (Personal identification number): 03243979549

email: info@mediion.com

The Company has appointed a data protection officer who can be contacted by e-mail at dpo@mediion.com.

3. What data we process and how we collect it

Personal data are all data relating to you that determine or can be used to determine your identity.

  • User data

At the moment of your registration on MEDIION, we will collect the following personal data from you:

  • Email address
  • Name and surname
  • Date of birth
  • Sex

Afterwards, while using the MEDIION application, you can voluntarily add other data to your user profile, such as contact information, personal identification number, profile photo, etc.

We may also collect your data through your other activities on MEDIION, for instance, when subscribing to the newsletter or filling out forms.

  • Health information

During the use of our services, we will collect various data about your health, such as:

  • Your medical records
  • Symptoms and vital parameters
  • Consultations, messages and documents exchanged with health professionals

We will collect some of this data directly from you, during the use of our services and health consultation services provided by our Partners, while some will be collected from third parties, such as health professionals who provide you with health consultation services.

  • Data from other sources

We may collect data about you and your health from other applications, devices and services only with your consent to collect data from such sources (for instance, if you want to store and analyse data collected from smart watches, blood pressure monitors, oximeters and other IoT devices in MEDIION).

  • Credit and debit card information

Your credit and debit card data will be processed for the purposes of payment for the services provided via MEDIION. This processing is entirely carried out by a third party – an online card payment service provider, and we do not process nor store any data about your credit and debit cards. The only information we collect and store is information about the transactions carried out.

  • Information on your communication with us and other information

If you contact our customer service or interact with MEDIION in any way, we will store data on such interaction, in order to monitor the quality of our service and the quality of services provided by our Partners. This also includes data that you exchange with MEDIION outside MEDIION applications (for instance, email, phone calls or chat conversations).

We may also process other information that you voluntarily provide to us, such as:

  • information you provide when evaluating our services
  • marketing opt-in and opt-out

  • Technical and analytical data

While using our mobile and web applications or visiting our websites, depending on the permissions provided by your devices or web browser settings, we may collect various technical or analytical data. Although we do not normally use technical and analytical data to identify you as an individual, we may sometimes recognize you from it, either alone or when combined or linked with other personal data. In these cases, technical and analytical data may also be considered personal data under applicable laws and we will consider such data to be personal data.

The technical and analytical data that we may collect are:

  • information about the device via which you use MEDIION:
    • IP address
    • Brand, model and identification number of the device
    • Browser type and version
    • Operating system
    • Time zone and language settings and other localization settings
    • Internet service provider
    • Your location (based on IP address)
    • Your device’s Advertising identifier
    • Visitor identifier
  • usage data. We collect information about your use of MEDIION applications and services such as:
    • Time and date of your visit to the MEDIION platform
    • Time spent on the MEDIION platform
    • Information about the use of services through the MEDIION platform
    • Services you searched for while using the MEDIION platform
    • Information about the application performance
    • Information about your interactions, such as notifications opened

  • Information from third parties that provide you with services

It is possible to register on MEDIION using your social network account, for instance, your Facebook account. In such a case, from the third party through which you have voluntarily chosen to register on MEDIION, we will receive your personal data such as:

  • Email address
  • Name and surname
  • Your username or ID
  • Other information, depending on the third party

The third party you use to register and login to MEDIION processes your login information as well, and is solely responsible for handling that information.

  • Cookies

We use various technologies to collect and store analytical data and other information when the users visit the MEDIION platform, including cookies.

Cookies are small text files sent and saved on your device that allow identification of visitors to the MEDIION platform and create aggregate information of our visitors. This helps us improve the MEDIION service and provide better services to our users. Cookies will not harm your device or files. We use cookies to tailor the MEDIION service and the information we provide in accordance with the individual interests of our users. Certain cookies are necessary in order to use and ensure a smooth experience on the MEDIION platform, while other cookies collect data on how the MEDIION services were used in order to improve the MEDIION services.

The user may choose to set their web browser to refuse cookies or to alert them when cookies are being sent.

4. Purposes and grounds for the processing of your personal data

The Company processes your personal data to perform our contractual obligations towards you and to comply with legal obligations. Furthermore, we process your personal data to pursue our legitimate interest to run, maintain and develop our business and to create and maintain customer relationships. When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and, for example, provide you with an easy-to-use opt-out from our marketing communications and use pseudonymized or non-personally identifiable data when possible.

In some parts of the MEDIION service, you may be requested to grant your consent for the processing of personal data.  In this event, your data will not be processed before giving your consent, and you may withdraw your consent at any time.

There are several purposes of the processing of your personal data by the Company. One or more purposes may be applied simultaneously:

  • To provide the MEDIION service and carry out our contractual obligations (legal ground: contract performance and legitimate interest)

The Company processes your personal data in order to conclude a contract with you and provide you with MEDIION services.

We use data, for example, to process your requests, to communicate with you, to manage your payments and amounts due (where applicable) and to provide the necessary data to our Partners (health professionals). If you contact us, we will use the information provided by you to answer your question or solve your complaint.

  • For our legal obligations (legal ground: compliance with legal requirements)

The Company processes data in order to enable us to administer and fulfil our obligations under law. This includes data processed for complying with our bookkeeping obligations and providing information to relevant authorities, such as tax authorities.

  • For claims handling and legal processes (legal ground: legitimate interest)

The Company may process data for the purpose of claims handling, debt collection and legal processes. We may also process data for the prevention of fraud, misuse of our services and for data, system and network security.

  • For user communication and marketing (legal ground: legitimate interest)

The Company processes your personal data in order to contact you regarding MEDIION services and to inform you of changes relating to them. Your personal data is also used for the purpose of marketing the MEDIION services to you. Legitimate interest as a ground for processing is, for instance, when we personalize our offers and provide you with services that are more relevant to you and when we analyse information about your interests and feedback in order to develop our services.

  • To improve the quality of MEDIION services and analyze trends (legal ground: legitimate interest)

Also, we may process data on your use of MEDIION services in order to improve the quality of MEDIION services, e.g. by analyzing trends in the use of MEDIION services. In order to ensure that our service is in line with your needs, personal data can be used for things like customer satisfaction surveys. When possible, we will do this using only aggregated, non-personally identifiable data.

5. Transfer of personal data to countries outside Europe

MEDIION stores your personal data primarily within the European Economic Area.

6. Recipients

We do not share your personal data with third parties outside of the MEDIION platform unless one of the following circumstances applies:

  • For the purposes set out in this Privacy Policy and to authorized Partners:

To the extent that our Partners who provide health consultation services need access to your personal data in order for them to fulfil their obligations via the MEDIION platform, we provide them with your personal data that you have entered in the MEDIION platform, but only in the event that you have contacted an individual Partner and requested the provision of health consultation services. In this event, the Partner is the independent controller of your personal data processing who processes your personal data based on a legal obligation and as such is responsible for the legality of data processing procedures. Furthermore, we may transfer your personal data to registered service providers and partners who perform services for us or in cooperation with us (including data storage, accounting services, sales and marketing) in order to process the data.

When data is processed by third parties on behalf of the Company, the Company has taken the appropriate contractual and organizational measures to ensure that your data are processed exclusively for the purposes set out in this Privacy Policy and in accordance with all applicable laws and regulations and subject to our instructions and appropriate obligations of confidentiality and security measures.

Please note that if you provide personal data directly to a third party, for example to a Partner via the MEDIION platform, the processing is typically carried out based on their policies and standards.

  • With partners for the provision of MEDIION services

To the extent that third parties, such as Partners who provide you with their own health consultation service via the MEDIION platform, need access to your personal data in order for us to perform the MEDIION services, we provide such third parties with your personal data.

When a professional associate processes your personal data for the purpose of exercising their own rights and obligations, such as their legal obligations towards you, the Partner is an independent controller of personal data processing and as such responsible for the legality of data processing procedures.

  • For legal reasons and legal processes

We may share your personal data with third parties outside the MEDIION platform if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, crime, security or technical issues; (iii) protect the interests, property or safety of the Company, the users or the public, as long as in accordance with the law. When possible, we will inform you of such actions.

  • With your explicit consent

We may share your personal data with third parties outside the MEDIION platform when we have your explicit consent to do so.  You have the right to withdraw your consent at any time and free of charge by contacting us.

7. Retention period

The Company does not retain your personal data longer than the law allows and no longer than is necessary for the purposes of providing MEDIION services or a corresponding part thereof. The retention period depends on the type of data and the purpose of processing. The maximum period may therefore differ depending on the method of use.

The Company takes reasonable steps to keep personal data accurate and to delete inaccurate or unnecessary personal data.

We retain the personal data you submitted during registration for as long as you have an active user account on the MEDIION platform. We retain all the other personal data that you have stored in MEDIION or that have been collected for you in MEDIION from third parties for as long as YOU want, that is, you can voluntarily delete them at any time. Your personal data which we retain based on your consent will be deleted immediately after withdrawal of your consent.

You can delete your user account at any time, in which case most of the personal data related to your user account will be deleted as well. Those personal data whose further processing is required by law or for our legal obligations and legitimate interests such as the processing of compensation claims, bookkeeping services, internal reporting and the reconciliation process, and which will not be deleted after deleting your user account, may only be retained for as long as the legal obligation lasts or for as long as it takes to fulfil our legitimate interests.

Your personal data that has been deleted from MEDIION will no longer be available to you or anyone else with access to MEDIION, but residual copies of this data may remain in the MEDIION backup system for a maximum period of one month from the moment of deletion, due to technical characteristics of the mechanisms for creating and keeping backup copies. In the event the MEDIION system needs to be restored from such a backup, MEDIION will again take measures to delete your personal data from the MEDIION system.

8. Your rights

  • Right of access

You have the right to access and to be informed about your personal data that we process. We provide you with the possibility to access certain data through your user account on the MEDIION platform or to request copies of your personal data using the contact information below.

  • Right to withdraw consent

In cases where the processing is based on the consent given by the user, the user may withdraw the consent at any time.  Withdrawal of consent may result in a reduced ability to use the MEDIION platform. Withdrawal of consent has no effect on the legality of processing based on consent prior to its withdrawal.

  • Right of rectification

You have the right to have incorrect or incomplete personal data that we have stored about you corrected or completed by contacting us.  You can correct or update some of your personal data through your user account in the MEDIION platform.

  • Right to erasure

You may also request that your personal data be deleted from our system, for example, when the data is no longer necessary for the purpose for which it was collected. We will comply with such a request, unless we have a valid reason not to delete the data. Please note that, in the event that you wish to delete such data, we will not be able to provide you with the MEDIION services or certain features of those services.

  • Right to object

You have the right to object to a specific use of your personal data if these data are processed for a purpose other than the one necessary for the provision of MEDIION services, or to comply with legal obligations. For instance, you may request that we stop processing your personal data for purposes of direct marketing, which is based on justified reasons. If you object to the further processing of your personal data, this may result in a reduced ability to use the MEDIION services.

  • Right to restriction of processing

You may ask us to restrict personal data processing when, for example, your data erasure, rectification or objection is pending and/or when we do not have a valid ground for processing your data. When processing is restricted, your data will be stored and will not be further processed. For example, if you dispute the accuracy of your data, the processing of such data will be restricted until it is ensured that the data is correct. However, this may result in a reduced ability to use the MEDIION services.

  • Right to data portability

When the processing is carried out by automatic means of processing based on a contract or consent, you have the right to receive the personal data that you have provided to us in a structured and commonly used format and to independently transmit those data to third parties.

  • How to exercise your rights

The above-mentioned rights can be exercised by sending a letter or an email to the above-mentioned address, containing the following information: name and surname, address, email address and telephone number. We may also require the provision of additional information if necessary to confirm the user’s identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

9. Direct marketing

We may send you information, news and offers about MEDIION services based on the relationship between you and the Company. In other cases, we will not directly market to you without your express consent.  The user has the right to prohibit the use of personal data for the purpose of direct marketing by contacting us at the address indicated above.

10. Submission of a complaint

In the event the user believes that our processing of personal data is not in compliance with the applicable data protection laws, a complaint can be lodged with the supervisory authority – the Croatian Personal Data Protection Agency.

11. Data protection

The security of your data and the preservation of your privacy are the foundation of our services, and we approach them with maximum seriousness and attention.  Therefore, we use administrative, organizational, technical and physical safeguards to protect your personal data we collect and process.

  • Storing your data

All your personal data, including health data, are stored on GDPR-compliant, secure servers within the EU and are protected by strong encryption, a firewall and other advanced cyber security solutions.  Furthermore, pseudonymization is applied to all your personal data, whenever applicable and possible.

  • Protection of your data during the use of services

All data that is exchanged between your devices, the devices of health professionals who provide you with health consultation services and our servers during the use of services are protected by the standard TLS (Transport Layer Security)/HTTPS (Hypertext Transfer Protocol Secure) encryption.

We use third-party services that use E2E encryption and are fully compliant with GDPR and HIPAA regulations to make video calls and exchange messages between you and health professionals as part of teleconsultation and written consultation services. Your personal data is not transferred to the providers of these services.

Our organizational and technical safeguards, which meet the requirements of the ISO 27001 standard, have been established and organized in such a way as to ensure the durable confidentiality, integrity and availability of data and resilience of the system and services for their processing, as well as the ability to restore, in a timely manner, the availability of personal data and access to it in the event of a physical or technical incident.  In order to ensure the continuity of security of processing, we regularly conduct testing of organizational and technical measures and the MEDIION system and services against security threats (e.g. security penetration testing and vulnerability testing, load testing, failover testing, disaster recovery testing, etc.).

If, despite security measures, a security breach that might have negative effects on user privacy occurs, we will notify the users and other affected parties of the breach as soon as possible, as well as the competent authorities if necessary pursuant to the applicable data protection laws.

12. Transparency

If we decide to change this Privacy Policy, we will post the changes to this page in order for you to have continuous access to them.
