Privacy & Cookies policy

Welcome to mediPing and our website and portal at www.mediping.co.uk. We take the protection and security of the data of our employees, business partners and customers seriously. Therefore, the special consideration of privacy in the processing of personal data is an important concern for us. Insofar as personal data is collected (e.g., your name, address, or other contact details), it is processed exclusively in accordance with the applicable data protection regulations, in particular the UK`s Data Protection Act (DPA) and the General Data Protection Regulation (GDPR).

Below you will find information on the purposes of the processing of personal data of our customers and business partners (individuals) or their employees, representatives and other contacts of our business partners, as well as an overview of the rights of the data subjects (including the contact details of the data protection officers) when using our website and portal.

Responsible party

The responsible party for the collection, processing and use of your personal data within the meaning of the GDPR is

Mediping Limited

261-263 Great Horton Road, Bradford, England, BD7 3BG

You can reach us using our Contact Form or per e-mail admin@mediping.co.uk, if you have any questions or concerns about how we process your data.

Principles of data processing

We process users' personal data only in compliance with the relevant data protection regulations. User data is only processed if the following legal permissions exist:

in order to provide our contractual services and online services
processing is required by law
with your consent
on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f) GDPR, in particular in measuring reach, creating profiles for advertising and marketing purposes, and collecting access data and using third-party services).

The above legal bases are set out as follows:

Consent Art. 6 para. 1 lit. a. and Art. 7 GDPR
Processing for the fulfilment of our services and implementation of contractual measures Art. 6 para. 1 lit. b) GDPR
Processing for the fulfilment of our legal obligations Art. 6 para. 1 lit. c) GDPR
Processing to protect our legitimate interests Art. 6 para. 1 lit. f) GDPR

Your Rights

You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the Information Commissioners’ website (www.ico.org.uk).

information about the processing of your personal data.
obtain access to the personal data held about you.
ask for incorrect, inaccurate or incomplete personal data to be corrected.
request that personal data be erased when it’s no longer needed or if processing it is unlawful.
object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
request the restriction of the processing of your personal data in specific cases.
receive your personal data in a machine-readable format and send it to another controller (‘data portability’).
request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
You also have the right in this case to express your point of view and to contest the decision
Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it.

We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website (www.ico.org.uk).

Collection of personal data when visiting our website

When you use our website for information purposes only, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request came
browser
Operating system and its interface
language and version of the browser software.

The legal basis for this data processing is the legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Cookies

We use cookies. Cookies are small text files that are stored on your device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Cookies can contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person.

We use session cookies and permanent cookies on our website. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR and in the interest of optimising or enabling user guidance and adapting the presentation of our website. You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time using the appropriate browser settings and prevent the setting of new cookies. Please note that our website may then not be displayed optimally, and some functions may no longer be technically available. For the use of cookies and similar technologies on our website, please refer to our Cookie Policy.

When you watch our videos

On our website, we implement videos of the video portal "YouTube" of the company Google Inc.

Doing so, we use the "extended data protection mode" option provided by Google. When you call up a page that has an embedded video, a connection is established to Google's servers and in the process the content is displayed on the website by notifying your browser. According to Google's information, in "extended data protection mode" your data - in particular which of our Internet pages you have visited as well as device-specific information including the IP address - is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission.

If you are logged in to Google at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your YouTube account before visiting our website.

Further functions and offers of our website and portal

In addition to the purely informational use of our website and portal, we offer various services, that you can use. For this purpose, you will usually have to provide further personal data, which we use to provide the respective service and for which the aforementioned data processing principles apply. For the provision of chargeable services, we will ask for additional data, such as payment details, in order to process your order. We store this data in our systems until the statutory retention periods have expired.

a) Contact, enquiry and request forms

Enquiries via our contact, enquiry and request forms may include your name, address, e-mail address, the subject of your contact and your message. We process and store the personal data provided in the contact enquiry solely for the purpose of processing and responding to your enquiry and contacting you. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.

b) E-mail contact

If you contact us by email, we will store your details for the purpose of processing the enquiry and for any follow-up questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal obligations to retain data. We only store and use further personal data if you consent to this or if this is legally permissible without special consent. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.

c) Stay Connected (Newsletter)

When registering for our newsletter, you are required to provide your email address. Insofar as you have given us your consent to data processing when registering for the newsletter, we process and store the personal data provided when registering for the newsletter exclusively for the purpose of providing the newsletter and informing you about our products, services and/or promotions in accordance with the newsletter you have subscribed to. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

We use the services of MailChimp or Mad Mimi for sending newsletters. The providers are:

MailChimp, Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Mad Mimi, 14455 N. Hayden Rd., Suite 219, Scottsdale, Arizona, 85260 USA.

MailChimp/ Mad Mimi is a service with which, among other things, the sending of newsletters can be organised and analysed. When you enter data for the purpose of receiving newsletters (e.g., email address), this data is stored on MailChimp/ Mad Mimi servers in the USA.

With the help of MailChimp/ Mad Mimi, we can analyse our newsletter campaigns. When you open an email sent with MailChimp/ Mad Mimi, a file contained in the email (so-called web-beacon) connects to MailChimp/ Mad Mimi servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g., time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not want any analysis by MailChimp/ Mad Mimi, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe directly on the website.

The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp/ Mad Mimi after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g., email addresses for the member area) remain unaffected by this.

We have concluded a so-called "data processing agreement" with MailChimp/ Mad Mimi, in which we oblige MailChimp/ Mad Mimi to protect our customers' data and not to pass it on to third parties.

d) Sign up as a customer

If you register as a customer, we will request mandatory and, where applicable, non-mandatory data (this may include Email, first name, last name, phone number, address, and payment data) in accordance with our registration form for the purposes stated below. The entry of your data is encrypted so that third parties cannot read your data when it is entered.

The basis for this storage is our legitimate interest in communicating with interested users according to Art. 6 para. 1 lit. f GDPR and, in the case of contracts, also the storage of contract data according to Art. 6 para. 1 lit. b GDPR.

Your data will remain stored for as long as the registration lasts, in particular the storage is still necessary for the fulfilment/execution of the contract, for legal prosecution by us or for our other legitimate interests or we are required by law to retain your data (e.g., within the framework of tax retention periods).

e) Purchases

When ordering our goods, it is necessary, among other things, to provide your name, e-mail address and postal address and, if applicable, your payment data. We process and store the personal data provided when you place an order solely for the purpose of providing you with the ordered solutions. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.

f) Sign up as a vendor

If you register as a vendor, we will request mandatory and, where applicable, business data and data for our Vetting, KYC and AML obligations (this may include Email, first name, last name, phone number, address, Registered name of Pharmacy, Trading name of Pharmacy, Pharmacy GPhC registration number, Type of Pharmacy, Name of Director/ Owner of Pharmacy, Contact number of Director/ Owner of Pharmacy, Contact email of Director/ Owner of Pharmacy, Name of Superintendent Pharmacist, GPhC registration number of Superintendent Pharmacist, Contact number of Superintendent Pharmacist, Contact email of Superintendent Pharmacist, Name of preferred contact, NHS.net email address of Pharmacy, and payment data) in accordance with our registration form for the purposes stated. The entry of your data is encrypted so that third parties cannot read your data when it is entered.

We may also collect proof of ID (Passport or Driver’s licence) and proof of address of registered pharmacy e.g., utility bill, bank statement or government or other documents for our vetting process.

The basis for this storage is our legitimate interest in communicating with interested users according to Art. 6 para. 1 lit. f GDPR, in the case of contracts, also the storage of contract data according to Art. 6 para. 1 lit. b GDPR and in the case of Vetting, KYC and AML obligations according to Art. 6 para. 1 lit. c GDPR.

g) Profile

As a registered user or vendor, you have the opportunity to create a user profile with just a few clicks and details. If you make use of the option, the relevant profile data you provide will be transferred to your profile. Of course, you can change the information at any time via the settings in your profile. When creating a profile, you can submit personal data. You have choices about the information on your profile. You don’t have to provide additional information on your profile; however, profile information helps you to get more from our Services. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be available. The legal basis for the processing of your personal data is the establishment and implementation of the user contract for the use of the service. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.

h) Use of our portal

If you wish to use the portal, you must register. The provision of the aforementioned data is mandatory. Subsequently, the users/vendors will receive a confirmation email with a verification link with which he can set up his user account, define his password and complete the registration. For these purposes, we use the e-mail address that is or will be stored in the customer master data for the purpose of the business relationship.

We process personal data of users/vendors for the purpose of using the mediPing portal and for the purpose of fulfilling the contract. The legal basis is Art. 6 para. 1 lit. b and lit. f GDPR. The users/vendors can manage and change all information in the portal. If you use our portal, we store the data required for the fulfilment of the contract until final deletion of the access and/or after expiry of the statutory retention periods. For a longer period, the data could also be processed on the basis of our legitimate interest (legal defence, debt collection, etc.). The legal basis is Art. 6 para. 1 lit. b and lit. f GDPR.

To prevent unauthorised access to your personal data by third parties, the connection is encrypted using TLS technology. When using the portal, we also collect data listed above. When using the portal, no cookies are stored on your computers. Only an encrypted token is stored in the browser, which essentially contains the name of the user and his or her rights. This data point is stored in the browser's internal memory and deleted there as soon as the user logs out. You can delete the token by setting your browser software accordingly.

i) contacting others

Of course, we also process your chats with other members as well as the content you publish, as necessary for the operation of the services. In addition to the information, you may provide us directly, we receive information about you from others. Members may provide information about you as they use our services, for instance as they interact with you or if they submit a report involving you.

We also share some members’ information with service providers and partners who assist us in operating the services. You share information with other members when you voluntarily disclose information on the service (including your profile). Please be careful with your information and make sure that the content you share is stuff that you’re comfortable being visible. If you choose to limit the audience for all or part of your profile or for certain content or information about you, then it will be visible according to your settings. The legal basis is Art. 6 (1) b GDPR.

j) Business relationships

In the course of our business activities, we mainly process identification data and contact data, namely customers/business partners or their employees, representatives. In addition, the payment and delivery data of customers/business partners or personal data of other natural persons are processed (identification data, contact data, descriptive data relating to their ownership) if they are liable for the obligations of our customers/business partners.

The purpose of processing the above personal data is to negotiate and execute the relevant contract, to secure and enforce obligations, to conduct business communications and correspondence or to comply with legal obligations (tax returns, money laundering or compliance with international sanctions).

We process personal data obtained directly from users/vendors/business partners or from publicly available sources.

The processing of the above personal data will only be carried out for as long as it is necessary to fulfil the purpose(s) for which it was collected. In principle, this data is only processed for the duration of the contractual relationship or for the duration of the statutory retention periods. However, due to our legitimate interest (legal defence, collection of debts, etc.) or due to legal obligations, the data may partly be processed beyond this period.

The legal basis for the aforementioned processing of personal data is the conclusion or fulfilment of a contract, the fulfilment of legal obligations or our legitimate interest (Art. 6 para.1 lit. b, c and f GDPR).

k) Administration, financial accounting, office organisation, contact management

We process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.

In this context, we disclose or transfer data to consultants, such as legal advisors or auditors, as well as other fee offices and payment service providers.

Furthermore, based on our business interests, we store information on suppliers and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.

Data processing for the purpose of fraud prevention and optimisation of our payment processes

Where applicable, we provide our service providers with further data, which they use together with the data necessary for the processing of the payment as our processors for the purpose of fraud prevention and optimisation of our payment processes (e.g., invoicing, processing of contested payments, accounting support). This serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh our interests in the context of a balancing of interests.

l) Legal defence and enforcement of our rights

The legal basis for the processing of your personal data in the context of legal defence and enforcement of our rights is our legitimate interest. The purpose of processing your personal data in the context of legal defence and enforcement of our rights is the defence against unjustified claims and the legal enforcement and assertion of claims and rights.

Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The processing of your personal data in the context of legal defence and enforcement is mandatory for legal defence and enforcement of our rights. Consequently, there is no possibility for you to object.

m) Direct marketing in the context of a customer relationship

We use the data you provide to fulfil and process our contract and to respond to your enquiries or on the basis of your consent. Insofar as you have also given us separate consent to process your data for consulting and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have consented to.

n) When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.

The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.

Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.

You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

o) Within mediPing

We may transfer the personal data of users/vendors (natural persons) or their employees, agents, guarantors, etc. within mediPing for internal administrative purposes (e.g., accounts receivable management, controlling, risk management, indirect purchasing, compliance with legal obligations such as tax returns, money laundering).

Employees of mediPing are trained on the data protection regulations of mediPing within the scope of an online training and are obliged to maintain the confidentiality of personal data or security measures in accordance with internal guidelines if they participate in the processing. At mediPing, personal data is processed automatically by means of computer technology and manually in the form of a paper file or a file by individual authorised employees who need this data for their work (need-to-know principle).

Within the framework of the processing of personal data, technical and organisational measures have been taken to ensure the protection of personal data.

p) Payment data

Payment data is collected during the ordering process. For orders on our site, you have the possibility to choose between different payment methods PayPal or Credit Card. For each of the payment methods, our payment processor stores personal data on behalf of mediPing. The legal basis for the data processing is Art. 6 para. 1 b) GDPR, as the processing of the data is necessary for the performance of the contract.

Updating your information

If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion or object to its processing, please do so within your user account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.

External recipients

Personal data may also be disclosed to third parties (e.g., lawyers, auditors, banks, insurance companies, law enforcement agencies, etc.) if there is a legitimate interest or a legal obligation.

Furthermore, we may pass on your personal data to third parties if this is necessary for the fulfilment of a contract. You will receive more detailed information on this when you provide your personal data.

In the event that special conditions are granted for certain products and/or product ranges, proof of the sales of your data will be transmitted to the corresponding manufacturer/business partner for the purpose of reimbursement/counter-financing of the conditions paid. The legal basis for this transmission is Art 6 (1) lit. b GDPR (contract performance), or your consent (Art 6 (1) lit. a GDPR).

In addition, personal data of users/vendors may be disclosed to state authorities and other institutions if this is required by law (e.g., in the case of control bodies such as the tax office, law enforcement agencies, executors, insolvency administrators, etc.). The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Google Maps

This website uses Google Maps to display map information when you are using our Select a pickup point feature. When using Google Maps, Google also processes and uses data on the use of the Maps functions by visitors to the web sites. For further information on data processing by Google, please refer to Google's privacy policy at https://www.google.com/intl/en/policies/privacy/. You can also change your privacy settings there in the privacy centre. There you can also change your settings in the data protection centre so that you can manage and protect your data. The legal basis is consent in accordance with Art. 6 (1) (a) GDPR.

Transfer of data

Unless otherwise stated above, we do not disclose personal data to companies, organisations, or persons outside our company, except in one of the following circumstances:

a) data sharing with affiliated companies in the context of joint data maintenance.

mediPing stores and processes your data collected from you in the course of using our website services and visiting our website in an IT system that can only be accessed by mediPing Employees based on a strict need to know basis.

b) With your consent

As far as already described in detail above, but in individual cases also beyond that, we pass on personal data to companies, organisations, or persons outside our company if we have received your consent for this (Art. 6 para. 1 sentence 1 lit. a, if applicable in conjunction with Art. 9 para. 2 lit. a GDPR).

c) processing by other bodies

We make personal data available to other companies that are affiliated with us, as well as to our third-party business partners, other trusted companies or persons who process it on our behalf. This is done on the basis of our instructions and in accordance with our privacy policy and other appropriate confidentiality and security measures.

d) for legal reasons

We will disclose personal data to companies, organisations or persons outside our company if we can reasonably assume that access to this data or its use, storage or disclosure is necessary, in particular, to comply with applicable laws, regulations or legal procedures or to comply with an enforceable official order; the legal basis in this respect is Art. 6 para. 1 sentence 1 lit. c, if applicable, in conjunction with Art. 9 para. 2 lit. c, if applicable. Art. 9 para. 2 lit. b GDPR.

Data security

mediPing takes technical and organisational measures to protect your personal data against accidental or intentional manipulation, falsification, loss, destruction, or access by unauthorised persons. These measures are continuously adapted, improved, or extended in line with technological developments. Access to your personal data is limited to the employees required to fulfil the purpose.

Storage and retention

Your personal data will be stored by us only for as long as is necessary to achieve the purposes for which the data was collected or - if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period (typically 6 years). We then delete your personal data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defence against legal claims against us.

mediPing is entitled to process your personal data insofar as this is necessary to fulfil legal obligations. For this purpose, mediPing may transfer this data in particular to authorities, law enforcement agencies and courts. In this case, the transfer of your data is required by Art. 6 (1) (c) GDPR for compliance with a legal obligation to which we are subject. mediPing is further entitled to process personal data if and to the extent necessary to detect or prevent misuse of this website or to enforce claims of mediPing, its employees or users, whereby the data processing in these cases is necessary to protect these aforementioned legitimate interests of mediPing pursuant to Art. 6 (1) (f) GDPR. Insofar as the disclosure of health data is necessary for the assertion of claims or the defence against claims, the related data processing is based on Art. 9 (2) f) GDPR.

International transfers

Our main operations are based in the UK and your personal information is generally processed, stored and used within the UK and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within the UK and the EEA.

Where we need to transfer your data outside the UK or the EEA, we will use one of the following safeguards:

The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.
Transfers to a non-EEA country with privacy laws that give the same protection as the UK and the EEA.

Social Media

a) Social Media Presences

We maintain online presences on the basis of our legitimate interests. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write articles on our online presences or send us messages.

b) Social Media Plugins

Social media plugins normally result in every visitor to a page being immediately recorded by these services with their IP address and their further browsing behaviour being logged. This can happen even if you do not click the button.

To prevent this, we use the Shariff method. This means that our social media buttons only establish direct contact between the social network and you when you click on the respective share button. If you are already logged in to a social network, this is done without another window for Facebook and Google+. On Twitter, a pop-up window appears in which you can still edit the text of the tweet.

You can thus publish our content on social networks without them being able to create complete surf profiles. The Shariff method is already used by many websites to protect their users.

But at the latest when you call up the social media platform, your data will be processed there. The social media platform will usually store cookies on your device or even save your usage behaviour to your account, especially if you are logged in yourself. The social media platform can use your data to analyse your user behaviour and use it for (interest-based) advertising. This may result in advertisements being displayed to you inside and outside the social media platform.

c) Social Media Links

We refer to our offered social media presences with links. Unlike social media plugins, links do not lead to the social media platform finding out about your visit when you call up our site. However, like any link, they will lead to your data being processed by the social media platform at the latest when you click on the link. As a rule, the social media platform will save cookies on your device or even save your usage behaviour to your account, especially if you are logged in yourself. The social media platform can use your data to analyse your user behaviour and use it for (interest-based) advertising. This may result in advertisements being displayed to you inside and outside the social media platform.

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "processing agreement", this is done on the basis of Art. 28 GDPR.

Personal information and children

The services available on this website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal information being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.

Data Breaches/Notification

Databases or data sets that include Personal information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal information may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Obligation to provide personal information

We inform you that the provision of personal information is partly required by law (e.g., tax regulations) or may also result from contractual regulations (e.g., information on the contractual partner). Furthermore, in order to conclude a contract, it may be necessary for you to provide us with personal information that subsequently has to be processed by us. For example, you are obliged to provide us with personal information if our company concludes a contract with you. Failure to provide the personal information would mean that the contract could not be concluded.

Before providing us with your personal information, you should contact one of our employees. Our employee will explain to you on a case-by-case basis whether the provision of your personal information is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal information and what the consequences would be of not providing the personal information.

Advertising

This website may use user data to communicate advertising in the form of banners and other marketing methods - possibly based on the user's interests. This does not mean that all personal data will be used for this purpose.

Some of the services listed below may use cookies to identify users or use so-called behavioural retargeting. This method can also be used to identify the interests and surfing behaviour of users who do not take place via this website, in order to specifically tailor advertisements to them. For more information, please refer to the privacy policies of the respective services. In addition to any exclusion (or opt-out) option offered by the services listed below, the user may opt-out of the use of cookies by third party services by visiting the Network Advertising Initiative opt-out page.

Applications

If you use our forms to apply for a role or job, we process the information we receive from you as part of the application process, e.g., through your letter of application, CV, references, correspondence, telephone, or verbal details. In addition to your contact details, information about your education, qualifications, work experience and skills is particularly relevant to us.

Your data will initially be processed solely for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used to carry out and terminate your employment and will be deleted in accordance with the rules applicable to personnel files. If we are unable to offer you employment, we will continue to process your data for up to six months after sending the rejection in order to defend ourselves against any legal claims, in particular alleged discrimination in the application process.

The legal basis for processing data during the application process is Art. 6 (1) b GDPR and, if you have given your consent, for example by sending us information that is not necessary for the application process, it is Art. 6 (1) a GDPR. The legal basis for data processing after a rejection is Art. 6 1 letter f GDPR.

As a rule, we do not require any special categories of personal data within the meaning of Art. 9 GDPR for the application process. We ask you not to provide us with any such information from the outset. If such information is relevant to the application process, we process it together with your other data. Your data will not be used by us for automated decision-making or profiling, nor will it be passed on to third parties. Your data will be processed by us or on our behalf.

You are not obliged to provide us with personal data. However, we can only assess your suitability for the respective position under consideration if we receive information in particular about your education, work experience and skills, and we cannot include you in the application process without providing your contact details.

Automated decision-making and profiling

In the event that we use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge to such decisions under the GDPR, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from us.

Links to other website

The website may contain links to another website. We have no control over the privacy practices or the content of those other website. Therefore, we recommend that you carefully read the respective privacy policies of these other website that you visit.

Hosting and Content Delivery Networks (CDN)

This website is hosted by an external service provider. The personal data collected on this website is stored on the service provider's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website. Our service is used for the purpose of contract fulfilment and in the interest of a secure, fast and efficient provision of our website by a professional provider of our legitimate interest. Our service provider will only process your data insofar as this is necessary for the fulfilment of its service obligations and follow our instructions with regard to this data.

Do Not Sell My Personal Information

We do not sell information that directly identifies you, like your name, address, or phone records.

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

Changes

This Policy and our commitment to protecting the privacy of your personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes.

Exercising your rights

If you would like to exercise any of our rights as set out above in the “Your rights” section above or have a complaint, please contact us. Any such request will be responded to within one month and we might require proof of identity to verify and process your request. For more information about these rights, please contact us.

Queries and Complaints

Our staff is available to answer questions regarding the processing of your personal data, requests for information, suggestions, for exercising your rights and for complaints. If you have any questions or suggestions on the subject of data protection, please send an email directly to us.

Any comments or queries on this policy should be directed to us using the following contact details.

Mediping Limited

261-263 Great Horton Road, Bradford, England, BD7 3BG

You can reach us using our Contact Form or per e-mail admin@mediping.co.uk, if you have any questions or concerns about how we process your data.

If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. You can also make a referral to, or lodge a complaint with, the ICO.

Privacy & Cookies policy

mediPing

About

Help