Last Updated: April, 2023
- “Website” means www.engage.tg.
- “You”, “your” or “user” means any natural person using the Website, for private or business purposes, without necessarily having subscribed to our service.
- “Personal Data” or “personal information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly.
- “Controller” means the natural or legal person that determines the purposes and means of the processing of personal data processing.
- “Processing” means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, storage, adaptation, consultation, use, disclosure or deletion.
- “Communication” means any information exchanged or conveyed between you and the Platform.
- “Consent” by a user means any freely given, specific, informed, and unambiguous indication of the user’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- “Data Protection Law” refers to the California Privacy Rights Act of 2020 (CPRA), the Connecticut Data Privacy Act (CTDPA), Colorado Privacy Act (CPA), Utah Consumer Privacy Act (UCPA), Virginia Consumer Data Protection Act (VCDPA), Act on the Protection of Personal Information (APPI), Personal Information Protection and Electronic Documents Act (PIPEDA), Brazilian General Data Protection Law (LGPD), General Data Protection Regulation (GDPR).
- HOW DOES YOUR MEDICAL SERVICE PROVIDER COLLECT DATA?
In general, your medical service provider will collect your personal data directly from you. When personal data is not collected directly from you, your medical service provider will inform you within the legal term on their processing.
- PURPOSES FOR PROCESSING PERSONAL DATA, LEGAL GROUNDS AND RETENTION PERIODS
- Purpose: Transmission of informative medical video materials through the Platform
Data collected: the data collected for this processing are name, phone number and data related to the medical appointment (appointment date, appointment type)
Legal basis for processing: the provision of healthcare and health services, according to national legislation
Retention period: Personal Data will be processed during the provision of medical services and the fulfilment of related financial obligations, and subsequently, in accordance with the existing legal obligations of the controller. After the provision of medical services, the Personal Data will be kept for a reasonable period of time to ensure records regarding the relationship between you and the medical service provider, including for the resolution of any differences or disputes that may be between you and your medical service provider.
- Purpose: Statistics related to your journey in the Platform
Data collected: the data collected for this processing are identification data (internal ID), contact data (pseudonymized phone number), journey information (journey, event type, event date, event id, episode name, language, video id, video name, video length, video time watched, video time watched percentage, call to action).
Legal basis for processing: based on our legitimate interest in ensuring that you go through the video information we make available to you and to keep records of the accessed video materials.
Retention period: Personal Data will be processed during the provision of medical services. After the provision of medical services, the Personal Data will be kept for a reasonable period of time to ensure records regarding the relationship between you and your medical service provider, including for the resolution of any differences or disputes that may be between you and your medical service provider.
- Purpose: Transmission of informative medical video materials through the Platform
- AUTOMATED DECISION MAKING
Your medical service provider does not make decisions based solely on automatic data processing of your data (including profiling) that will have legal effects on you or that will affect you in a similar way to a significant extent.
- DISCLOSURE AND TRANSFER OF PERSONAL DATA
Your personal information may be transferred, to the extent that this is necessary to the following categories of recipients: the Platform, companies from the same group, service partners, subcontractors, payment providers, archiving companies, IT service providers, software or hardware vendors, market research companies, marketing companies, public authorities, court, or arbitral tribunals, as well as competent authorities to investigate criminal offences. The data may be disclosed or transferred to the mentioned categories of recipients in order to provide our services at a high standard by outsourcing part of our work to specialists or in order to comply with specific legal obligations your medical service provider is subject to.
As a rule, the transmission of your personal data to the above recipients will be done in accordance with applicable law and only based on a commitment to confidentiality and ensuring an adequate level of security on their part, which guarantees that personal data is kept secure.
- SECURITY OF PERSONAL DATA
The security of your Personal Data is important to your medical service provider. Therefore, they maintain a variety of appropriate technical and organizational measures to protect your Personal Data from loss, misuse, and unauthorized access or disclosure. The medical service provider limits access to Personal Data to staff whom they believe reasonably need to retrieve that information to provide our services. Considering the current state of technology, the medical service provider has implemented reasonable physical, electronic, and procedural safeguards designed to protect your Personal Data, such as limiting access, encrypting, anonymizing, or storing it on secure media.No method of transmission over the Internet, method of electronic storage or other security methods is one hundred percent secure. Despite our best efforts to protect your Personal Data, no safeguards can guarantee a perfect level of security and the medical service provider cannot guarantee their absolute security.
- YOUR RIGHTS AND HOW TO EXERCISE THEM
Each data protection legislation recognizes specific rights for the data subjects in relation to the processing of their personal data. Depending on the legislation aphttps://edpb.europa.eu/about-edpb/about-edpb/members_en#member-ieplicable in your country, you may have all or part of the right mentioned below:
Right of access: You have the right to obtain confirmation from your medical service provider that they process your Personal Data, as well as information on the specifics of processing, such as: purpose of processing, categories of data processed, recipients of personal data, period for which the data is kept, if it is transferred abroad and how the medical service provider protects it, the source of your personal data.
Right to rectification: At any time, you have the right to request the rectification of your Personal Data. In the event of errors, after notification, the medical service provider will immediately rectify your personal data.
Right to erasure: You have the right to request the deletion of personal data, provided that your request complies with applicable legal requirements. Personal data will be erased when the legal requirements are met. This right may also concern the right to anonymize, block or delete personal data when it is unnecessary or excessive data or data processed in noncompliance with the provisions Data Protection Law and the right to delete the personal data processed with the consent of the data subject, except in the situations provided by the Data Protection Law.
Right to restriction of processing: If the applicable legal provisions are met, you can request that the medical service provider restricts the processing of your personal data.
Right to data portability: If the applicable legal provisions are met, you have the right to receive your Personal Data in a structured, commonly used and automatically readable format and the right to transmit it to another data controller.
Right to object: In certain situations, such as when the medical service provider processes Personal Data based on legitimate interest, you have the right to object to our processing of your Personal Data.
Right not to be subject to decisions based solely on automated processing: If the applicable legal provisions are met, you have the right not to be subject to a decision based solely on automatic processing, including profiling, which has legal effects on you or affects you to a similar significant extent.
Right to Opt-Out of Sale or Sharing of Personal Information: You have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information.
Right to address to the Supervisory Authority: You have the right to file a complaint with the Personal Data Authority regarding any violation of your rights regarding the processing of your Personal Data.
If you want to contact the Data Protection Authority from your place of residence, for the EU you may find the contact details at https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-ie.
Consent withdrawal: To the extent that the medical service provider processes your based on your given consent, you can withdraw your consent at any time, without affecting the legality of the processing based on the consent before its withdrawal. You have the right, at any time, to revoke your consent through a facilitated and free-of-charge procedure.
You may exercise anytime your rights in relation to your medical service provider, by contacting them.