Privacy Policy

Introduction

This Privacy Policy applies to all the products, services, websites and apps offered by OPTIMED Ltd., except where otherwise noted. We refer to those products, services, websites and apps collectively as the “Services” in this policy. Unless otherwise noted, our services are provided by OPTIMED Ltd.

References to “data” in this Privacy Policy will refer to whatever data you use our Services to collect, whether it be emails or SMS, data collected in a form, or data inserted on a site hosted by us – it’s all your data! Reference to personal information or just information, means information about you personally that we collect or for which we act as custodian.

OPTIMED LTD is committed to safeguarding your privacy. Contact our designated Data Protection Officer, Dai Dave, via email at daidave@optimed.co.uk if you have any questions or problems regarding the use of your Personal Data and we will gladly assist you. If you require more information about documenting your privacy information, the ICO has extensive guidance here.

 

By using this site or/and our services, you consent to the Processing of your Personal Data as described in this Privacy Policy.

1. Definitions

Users – You hold an account within a OPTIMED Ltd. service and you either directly send emails or  SMS messages from an Optimed service.
Patient – You are a patient of one of our Users who subscribes to our e-referral platform (CAPTIV8 Connect).
Recipient – You have received an email or SMS  powered by an OPTIMED  service.
Website Visitor – You are just visiting one of our websites because you are Curious!
Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
Data subject – a natural person whose Personal Data is being Processed.
Child – a natural person under 16 years of age.
We/us – OPTIMED LTD

You – means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.

2. Data Protection Principles

We promise to follow the following data protection principles:

  1. Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you information regarding Processing upon request.
  2. Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
  3. Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
  4. Processing is limited with a time period. We will not store your personal data for longer than needed.
  5. We will do our best to ensure the accuracy of data.
  6. We will do our best to ensure the integrity and confidentiality of data.

3. Data Subject’s rights

The Data Subject has the following rights:

  1. Right to information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
  2. Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
  3. Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
  4. Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records providing you are not contractually bound to a subscription to OPTIMED’s products.
  5. Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
  6. Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
  7. Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
  8. Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
  9. Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
  10. Right for the help of supervisory authority– meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
  11. Right to withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data providing you are not contractually bound to the Terms & Conditions of Optimed’s products.

4. Data We Gather

Contact Information (for example an email address)

You might provide us with your contact information, whether through use of our services, a form on our website, an interaction with our sales or customer support team, or a response to one of OPTIMED’s marketing campaigns.

Usage information

We collect usage information about you whenever you interact with our websites and services. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, and so on.

Device and browser data

We collect information from the device and application you use to access our services. Device data mainly means your IP address, operating system version, device type, system and performance information, and browser type. If you on a mobile device we also collect the UUID for that device.

Information from page tags

We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect data about visitors to our websites. This data includes usage and user statistics. Emails sent by OPTIMED to Users include page tags that allow the sender to collect information about who opened those emails and clicked on links in them. We provide more information on cookies (below) and in our Cookies Policy.

Log Data

Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.

Links from other websites

If you arrive at a OPTIMED website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.

Information from third parties and integration partners

We collect your personal information or data from third parties if you give permission to those third parties to share your information with us or where you have made that information publically available online.

If you are a User we will also collect:

Account Information

Registration information

You need an OPTIMED account before you can use OPTIMED services. When you register for an account, we collect your first and last name, username, password and email address.

Billing information

If you make a payment to OPTIMED, we require you to provide your billing details, a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number).

Account settings

You can set various preferences and personal details on pages like your account details page  or within the settings area of the CAPTIV8 and CAPTIV8 Connect applications.

5.0 How we use Recipient Data

User and Recipient trust is paramount to everything we do and so when we do use data about Recipients, we put Users and Recipients first. When we do analysis of Recipient data we only do so once we have ensured the anonymity of individual Recipients (by aggregating and anonymizing the data). Our goal is to improve the user experience across OPTIMED services while maintaining confidentiality and privacy. OPTIMED uses data in the ways described below, for legitimate interests pursued by it which are described in this section:

  1. Contact Information (for example an email address).

A Recipient has provided a User of an OPTIMED service or another Recipient with contact information.  As a Recipient, we do not use your details for anything other than to send an email or SMS from the User or from another Recipient.  OPTIMED merely act as a custodian of this data.OPTIMED will use automated processes to analyse email and SMS opens and click through rates, which helps us to extract and analyse usage patterns. This in turn helps us to:

  • improve user experience (for example, by collecting and using device and browser information from Recipients to improve how our service operates on those devices and in those browsers), and
  • identify insightful data trends (which never identifies any individuals).
  • To prevent potentially illegal activities.
  • To screen for and prevent undesirable or abusive activity. For example, we have automated systems that screen content for phishing activities, spam, and fraud.  Example: We collect information about the web page you visited and the email that was sent to you. This data is aggregated and anonymized so we can examine patterns in terms of recipient preferences. We collect and use all this data for our legitimate interests like helping us improve the experience for recipients and to help improve the click through rates on emails and SMS.

6.0 New projects/services

Optimed Ltd will identify and minimise the data protection risks to Data Subjects/Users of any new project or plans that involves processing personal data. This will involve undertaking a clinical risk assessment analysis by a multidisciplinary Clinical Safety Team and each hazard will be assessed and mitigated to a level which is as low as reasonably practicable (ALARP).

7.0 Information you share

Many of our services let you share information with others. Remember that when you share information publicly, it can be indexable by search engines. Our services provide you with different options on sharing and deleting your content but we cannot delete content from search engines so you need to be careful about information you make public.

8.0 Information we share: Partners and Integrations

We do not share your information or data with third parties outside OPTIMED except in the following limited circumstances:

  • If you are a User of OPTIMED services, your account information and data will be shared with the primary account owner(s) and your data may also be visible to other members in your team with whom you collaborate.
  • To help us provide certain aspects of our services we use our affiliates and trusted key partners – in particular, we engage third parties to:
    • facilitate email delivery through our services for sending emails to Recipients.  Recipients may download and delete data we store with Optimed services.  We store this data for 6 months.  We use Mandrill to facilitate Email delivery.  Emails and messages are automatically deleted after 30 days from Mandrill.
    • facilitate SMS delivery through our services for sending SMS to Recipients.  Optimed do not store any Personal Data on SMS messages sent.  We use Twilio to facilitate SMS delivery.  All telephone numbers are anonymised within Twilio and messages are automatically redacted upon successfully sending an SMS message.
    • facilitate OPTIMED customers in making credit card payments.  We use Stripe to facilitate credit card payments.  Optimed do not store any credit information on their servers.
    • deliver and help us track our marketing and advertising content.  We use Mailchimp for marketing emails sent to Users and any website visitors who have consented to marketing.
    • help us track website conversion success metrics.
    • manage our sales and customer support services to you.

We enter into confidentiality and data processing terms with partners to ensure they comply with high levels of confidentiality and best practice in privacy and security standards and we regularly review these standards and practices.

  • On your instructions, we share your information or data if you choose to use an integration in conjunction with OPTIMED services, to the extent necessary to facilitate that use. See further information on our Processing partners:
    • Amazon (for hosting and streaming)
    • Mandrill (for transactional email)
    • Mailchimp (only for Users and Subscribers opting into email lists)
    • Stripe (for payments from Users)
    • Twilio (for SMS and Video calling)
  • We also have to share information or data in order to:
    • meet any applicable law, regulation, legal process or enforceable governmental request.
    • enforce applicable policies, including investigation of potential violations.
    • detect, prevent, or otherwise address fraud, security or technical issues.
    • protect against harm to the rights, property or safety of our users, the public or to OPTIMED and/or as required or permitted by law.

We do not share your Personal Data with strangers. Personal Data about you is in some cases provided to our trusted partners in order to either make providing the service to you possible or to enhance your customer experience. We share web visitor data with:

  • Our business partners:
    • Zoho
    • Amazon (AWS)
    • Twilio
    • Mailgun
    • Stripe
  • Connected third parties:
    • Google (for Google analytics and Maps)
    • Vimeo (for video playback)
    • Youtube (for video playback)

We only work with Processing partners who are able to ensure adequate level of protection to your Personal Data. We disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it.

9.0 How we secure your data

We do our best to keep your Personal Data safe. We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks.

Even though we try our best we can not guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.

If you have an account with us, note that you have to keep your username and password secret.

10.0 Children

We do not intend to collect or knowingly collect information from children. We do not target children with our services.

11.0 Cookies and other technologies we use

We use cookies and/or similar technologies to analyse customer behaviour, administer the website, track users’ movements, and to collect information about users. This is done in order to personalise and enhance your experience with us.

A cookie is a tiny text file stored on your computer. Cookies store information that is used to help make sites work. Only we can access the cookies created by our website. You can control your cookies at the browser level. Choosing to disable cookies may hinder your use of certain functions.

We use cookies for the following purposes:

  • Necessary cookies – these cookies are required for you to be able to use some important features on our website, such as logging in. These cookies don’t collect any personal information.
  • Functionality cookies – these cookies provide functionality that makes using our service more convenient and makes providing more personalised features possible. For example, they might remember your name and e-mail in comment forms so you don’t have to re-enter this information next time when commenting.
  • Analytics cookies – these cookies are used to track the use and performance of our website and services
  • Advertising cookies – these cookies are used to deliver advertisements that are relevant to you and to your interests. In addition, they are used to limit the number of times you see an advertisement. They are usually placed to the website by advertising networks with the website operator’s permission. These cookies remember that you have visited a website and this information is shared with other organisations such as advertisers. Often targeting or advertising cookies will be linked to site functionality provided by the other organisation.

You can remove cookies stored in your computer via your browser settings. Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as optout.aboutads.info or youronlinechoices.com. For more information about cookies, visit allaboutcookies.org.

We use Google Analytics to measure traffic on our website. Google has their own Privacy Policy which you can review here. If you’d like to opt out of tracking by Google Analytics, visit the Google Analytics opt-out page.

12.0 Contact Information

Supervisory Authority
Email: info@dataprotection.ie
Phone: +353 57 868 4800

13.0 Changes to this Privacy Policy

We reserve the right to make change to this Privacy Policy.
Last modification was made 2 January 2023.