Privacy Policy

Privacy Policy

The purpose of this privacy notice is to give you information on how The MedicAlert Foundation collects and processes your personal data, including any data you may provide through this website when you purchase a product or service.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Who we are

We are The MedicAlert Foundation and we are the data controller and responsible for your personal data.

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights in respect of your data, please contact our Data Protection Officer (‘DPO’). Our DPO is contactable via: medicalert@cytanet.com.cy

Our legal grounds for handling your personal data

The UK’s data protection laws allow us to use your personal data provided we have a lawful basis to do so. This includes sharing it in certain circumstances, as described below.

We consider we have the following reasons (legal bases) to use your personal data:

  • Performance of contract with you:
    we need to use your personal data to be able to carry out or benefit from the terms of a legal contract which we have entered into with you.
  • Legitimate interests:
    these are our business and commercial reasons for using your data, which we have balanced against your interests. We have certain legitimate interests in using your data which are not outweighed by your interests, fundamental rights or freedoms. These legitimate interests are to help development and improvement of our products or service, membership expansion, improving our understanding of our members, prevent and detect financial crime and to assist our compliance with the legal and regulatory requirements placed upon us.
  • Your consent:
    we may also use your data when you consent to it. You can withdraw this consent at any time, in which case we will cease to use it, unless we have a right and a need to continue processing it for one of the other reasons set out above.

More information on how we use your personal data and for what purposes is set out below.

What personal data is collected about you and how we collect it

We may collect data about you from the following sources:

Data provided by you:

  • When you apply for our products and services and throughout the course of our dealings, the data you provide may include, but not be limited to:
    • Your name, postal and email addresses, contact telephone numbers, date of birth, occupation, bank account details, IP address, National Insurance Number.
    • Contact details (Name, Address, Contact number etc. relationship to you) for any person you nominate as an advocate or person we should contact in the event of an emergency.
    • Your General Practitioner details (name, address, contact number etc.), details of any hospital (name, address contact numbers etc.) under whose care you are registered, and contact details for any other competent registered physician currently treating you.
    • Your medical information (including any diseases or conditions that you are suffering from, any medication being taken by you and any treatment being undergone by you.
    • Contact details (including relationship) for any person nominated as an “Advocate” for you.
    • Documents you ask us to store on your record which may include but not be limited to details of medical conditions, medical history, implant details, treatment preferences and requests
  • When you talk to us: for example on the phone, or in person including call recordings and voice messages. We may monitor or record calls with you to check we have carried out your instructions, to resolve queries or disputes, to improve the quality of our service or for regulatory or fraud prevention purposes
  • In writing: for example letters, emails, texts and other electronic communications.
  • Online: for example when you use our website or mobile app.
  • In financial reviews, for renewals and in any surveys etc.

Data we collect when you use our services:

  • Transaction data: for example what sort of products you are selecting, the length of term.
  • Payment data: for example, the amount, origin, frequency, history and method of your payments
  • Usage and profile data: for example, the profile you create to use our website and mobile app and how you use it. We gather this data from the devices you use, using cookies and other software
  • Details of use of our emergency service line: dates, circumstances, outcome
  • Changes and updates to previously supplied data


Data provided by third parties: 

Data from persons that introduce you to us: for example other charities, partner organisations, your employer, NHS clinics, general practitioners

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Why personal data is collected by us

We collect personal data from you for many reasons including:

Activity Legal basis Legitimate interest
  • exercising our contractual rights and obligations
  • contract performance
  • pre-contractual checks
  • post-contractual checks
  • customer service
  • account management
  • contract performance
  • legitimate interests
  • legal duty
  • consent
  • verifying identity
  • maintaining up to date records
  • seeking consent where relevant
  • business efficacy
  • risk management
  • product analysis and development
  • business development
  • profiling, statistical and analytics
  • legitimate interests
  • contract performance
  • business efficacy
  • risk management
  • product development
  • regulatory and legal requirements
  • managing risks
  • business management and operations, including record keeping
  • legitimate interests
  • legal duty
  • contract performance
  • business compliance
  • business efficacy
  • risk management
  • marketing
  • research
  • consent
  • legitimate interests 
  • business development
  • business efficacy
  • brand management

From time to time we may contact you to ask for your consent to use your personal data for other purposes. Your personal data may also be used for other purposes where required or permitted by law.

From time to time we may provide your information to our partners, third parties and customer service agencies for research and analysis purposes so that we can monitor and improve the services (or as the case may be) we provide. We may contact you by post, e-mail or telephone (or as required) to ask you for your feedback and comments on our services (or as the case may be).

From time to time we may also contact you about our other goods or services that may be of interest to you.

When personal data is shared

We may discuss your Personal Information with your nominated and named individuals either on your behalf (in the case of Advocates) or in response to an emergency.

If MedicAlert receive a call as part of the Emergency Service from a competent registered physician or emergency service provider then, after appropriate security checks have been undertaken, your Personal Information will be shared with them in order to assist in the provision of suitable medical care and to respond to the emergency.

Your data may be accessed by a third party, contracted to MedicAlert to operate the MedicAlert 24/7 emergency line, on a read-only basis with appropriate security provisions enacted.

If MedicAlert receive a call as part of the Emergency Service from a competent registered physician or emergency service provider in another country, MedicAlert will provide such a physician or service provider with Your Personal Information as we would in the UK. In these circumstances it is understood, by all parties, that as a result your personal information may be exported to areas outside of the EU jurisdiction. You agree that in such circumstances, Your Personal Information may be exported outside the EU.

If, in the future, we sell, transfer or merge all or part of our business or assets, including the acquisition of other businesses, we may share your data with other parties.  We will only do this if they agree to keep it safe and private and to only use it in the same ways as set out in this notice.


Consequences

If you fail to provide us with data, this may delay or prevent us from entering into a contract with you and or comply with our obligations.

If you fail to keep us informed of any changes or updates to data you have provided us with or additional information which is relevant to your medical condition or personal circumstances then this may compromise our ability to provide an effective and efficient service to you.

If you have any questions about the above, please contact us on the details in Section 1


What choices and rights you have

Your personal data is protected by legal rights, which include your right to:

  • object to our controlling and processing your personal data;
  • object to our sharing of your personal data with others or with certain organisations;
  • request that your personal data is erased or corrected or that its processing be restricted;
  • request access to your personal data and for it to be given to you in a portable format;
  • request that we transfer your personal data to another company;
  • request that we confirm what personal data we currently control and/or process in relation to you.

There may be reasons why we need to keep or use your data, but please tell us if you think we should not be processing your data.

For further information on how your information is used, how we maintain the security of your information and your rights in relation to it, please contact medicalert@cytanet.com.cy

If you are unhappy about how your personal data has been used by us please contact us and we will send to you our Complaints Policy. You also have a right to complain to the Information Commissioner's Office which regulates the processing of personal data.


How long personal data is kept

MedicAlert retains the personal Information in accordance with the Retention and Destruction Policy In summary, MedicAlert will keep your personal data (as indicated above) for as long as the membership service fee is paid, and for a period of 6 months after the membership has lapsed. At this point the record will be completely anonymised so it cannot personally identify you.

Information used for marketing purposes will be kept by MedicAlert until you unsubscribe from the service.


Data storage location

All Personal Data is controlled by The MedicAlert Foundation and this information is located on servers within the UK.


Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Direct marketing

We can only use your personal information to send you marketing information if we have your consent or a legitimate interest.  A legitimate interest will usually be a commercial reason which cannot be used unfairly against you.

Copyright 2020