Medical Management Systems Ltd and Meddbase USA IncREAD OUR DATA PROTECTION POLICY
This site is operated on behalf of Medical Management Systems Limited, a company registered in England and Wales with registered company number 05272668, whose registered office is at 134 Buckingham Palace Road, London SW1W 9SA. If you have any questions on these terms or the service that we provide, please contact us using the details below. All references to “us” or “we” throughout this statement is to Medical Management Systems Limited.
We take compliance with our legal duties in respect of your personal data seriously. We have appointed a data protection officer to monitor and oversee our legal compliance, who can be contacted on the details below.
We collect personal information whenever you provide it to us. This personal information may include the following:
• name, address and contact details
• other personal information you provide to us
• technical information, including the type of device you are using, the temporary or persistent unique device identifiers (UDIDs) placed by us or our service providers, the I.P. address of your device, your operating system, the type of device internet browsers you use and data about the way you use our website.
We rely on our legitimate interest as the lawful basis on which we collect and use your personal data. Our legitimate interests are that we use your personal information in order to process and respond to any enquiries which you raise with us and without using such data this would not be possible. Where we would like to keep in touch with you, beyond your initial enquiry, we will seek your specific consent to do so.
We will not provide your information to third parties other than as set out below. We may disclose your personal data to:
• a third party who acquires our business
• law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or as otherwise required by law
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
We take extensive technical and operational steps to protect the data we keep against unauthorised access, unlawful processing, accidental loss or destruction, damage, or misuse, for example:
• we store your personal data on secure servers based in the UK
• your personal data is encrypted in transit
• access to your personal data is limited to authenticated and approved staff
While we will use all reasonable efforts to protect the information we collect and store, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.
Medical Management Systems is certified to the international information security standard ISO27001-2013. We are NHS DSP toolkit compliant compliant and HIPAA compliant.
We will not transfer your data outside of the European Economic Area (EEA).
You have the right to request access to personal data that we may process about you. If you wish to exercise this right, you should:
• contact us;
• include proof of your identity and address (e.g. a copy of your driving licence or passport, and a recent utility or credit card bill); and
• specify the personal data you want access to, including any account or reference numbers where applicable.
You have the right to require us to correct any inaccuracies in your data that we may process about you free of charge. If you wish to exercise this right, you should:
• contact us;
• provide us with enough information to identify you; and
• specify the information that is incorrect and what it should be replaced with.
In certain circumstances you have the right to require us to erase personal data that we may process about you. If you wish to exercise this right, you should:
• contact us; and
• provide us with enough information to identify you.
If you have any concerns or questions as to the way in which we process your information please contact us. In addition you have a right to bring a complaint about us with the Information Commissioner’s Office. More information on the Information Commissioner’s Office and your rights is available at www.ico.org.uk.
Your data will be retained for no longer than is necessary for the purpose for which we use your data, which will usually be a period of up to 1 year from the date of your last interaction with us.
We may change this policy from time to time. You should check this policy frequently to ensure you are aware of the most recent version that will apply each time you visit this website.