Privacy Policy

This Privacy Policy (“Policy“) governs the data collection, processing and usage made by MeMed Diagnostics Ltd. (“MeMed” or “us”, “our”, “we”) through our website. This Policy concerns the data we collect from individuals who access and use our website (“Users”, “you” or “your“).

This Policy constitutes an integral part of the Terms and Conditions (“Terms”), available at www.me-med.com/terms-and-conditions. Definitions used herein but not defined herein shall have the meaning ascribed to them in the Terms.

The privacy of your data is at our outmost importance and hence we handle your data carefully in accordance and compliance with the applicable data privacy regulation. Please note that you are not obliged to provide us with any personal data (as defined below), and we do not request you to do so. However you shall be aware that your avoidance of providing us with some personal data may not allow us to provide you with our services.

If you have any questions about this Policy, please contact us at: privacy@me-med.com.

Amendments

We reserve the right to periodically amend or revise the Policy, which will immediately affect the implementation of the revised Policy on our website. The last revision date will be reflected in the “Last Updated” heading located at the top of the Policy. We will make a reasonable effort to notify you if we implement any changes that substantially change our privacy practices. We recommend that you periodically review this Policy to ensure that you understand our privacy practices and check for any amendments.

Contact Information

MeMed Diagnostics Ltd. 5 Nahum Het St. Tirat Carmel, 39120, Israe
Email: info@me-med.com
Phone: +972-4-8500302

Questions, comments, requests and complaints regarding this Policy and the information we hold are welcome and should be addressed to us by using the contact details above. All requests will be dealt with promptly and efficiently.

Role of the Parties

Under the European Union (“EU”) General Data Protection Regulation (Regulation 2016/679) (“GDPR”), we act, in the course of the processing of your direct personal data, as the Data Controller. We will outline here any event that we act as a Data Processor, and you act as a Data Controller.

Please note, in the event you are an end-user of our products – the MeMed BV, MeMed Key, Pipeline, etc. (e.g., our product was supplied to you by one of our customers, e.g., a healthcare provider (“HCP”)), the HCP is acting merely as a potential Data Controller of your Personal Data (to the extent provided) and we act as the Data Processor on behalf of such Data Controller. Please note that, MeMed products do not collect nor process any patient’s identification information. Also note, if you have any questions or complaints regarding Personal Data, please contact the controller. Similarly, when we process Protected Health Information (“PHI”) on behalf of any of our customers who are deemed as a Covered Entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we act as a Business Associate.

Collection of Non-Personal Data

We may collect aggregated, non-personal and non-identifiable information which may be made available or gathered via your use of our website (“Non-Personal Data“). We are not aware of the identity of the individual from which the Non-Personal Data is collected.

Also, we may sometimes process and anonymize or aggregate personal data and identifiable information in a manner that shall create a new set of data that will be Non-Personal Data. Such a new data set can no longer be associated with any identified person.

Non-Personal Data may be used by us without limitation and for any purpose, including for commercial, research, or statistical purposes, without further notice to you.

Collection of Personal Data

During your interaction with the website, we will collect individually identifiable information, namely information that identifies an individual or may with reasonable effort be used to identify an individual (“Personal Data”). This may include online identifiers, first and last name, email address, phone number, resume, cover letters, country, company’s name and additional information you decide to share with us, subject to applicable law.

In case you will provide us with your Personal Data, we may manage it under a “Customer Ticket” in one of our systems in accordance with terms of this Policy.

Note, that if we combine Personal Data with Non-Personal Data, we will treat the combined data as Personal Data.

Processing of Personal Data – Purposes and Lawful Basis

We have included in the table below information about which data is processed, how we process and use your data and the lawful basis for which we do so subject to the GDPR.

Type of Data

Contacting Us

If you voluntarily contact us in any manner, whether for support, to submit a request or for other inquiries, whether by filing the “Contact Us” form or through other means of communications, you may be asked to provide us with your contact details such as your first and last name, Company’s name and email, country, and additional information you decide to share with us.

Online identifiers and other Technical Data

When you interact with our website, we may collect certain online identifiers, including your IP address and Advertising ID.
We may also collect technical Non-Personal Data transmitted from your device (e.g., language used, type of operating system, type of device, etc.) and approximate geographical location (country).

Job Application

In the event you apply for a job, we will collect your CVs and your first and last name, email address, phone number, resume, cover letter and additional information you decide to share with us (“Recruitment Information“).
Further, we may receive from third parties, such as recruiting agencies, information about candidates who are interested in working at MeMed. In such cases we rely on the agreements we have with the third-parties for obtaining your information.

Purpose of Processing

We will use this data and our correspondence history solely to respond to your inquiries and provide you with the support or information you have requested. We will retain our correspondence with you for as long as needed, subject to applicable law.
In the course of our correspondence you might provide us with any other information you will voluntarily choose to provide us with. In such event we do not require you to provide us with any Personal Data; however, without such data, we might not be able to provide you with the service or information you required in your inquiry. In addition, in such event you shall note that you are the Data Controller of such Personal Data and we are the Data Processor.

We use this data for our legitimate interests of (i) operating, providing, maintaining, protecting, managing, customizing, and improving the website and how we offer it; (ii) enhancing your experience; (iii) auditing and tracking usage statistics and traffic flow; and (iv) protecting the security of the website, as well as our and third parties’ rights (subject to applicable law requirements).

To process your job application and for recruitment purposes, and in order to enable us to comply with corporate governance and legal and regulatory requirements.

If you are hired by us, the Recruitment Information that you provide us may be used in connection with your employment and our corporate management.

Lawful Basis

The lawful basis for processing your contact us details will be the implied contract between you and us, meaning we will use the data for addressing your requests and inquiries.
After completing any such request, we will retain your information as part of our business records under our legitimate interest.
Some of our Services’ data might be processed under our legal obligation, such as safety requirements.

Such processing is part of our legitimate interests as a commercial business.

We process such Recruitment Information subject to our legitimate interest.

Processing Actions

We are collecting your data, transmitting it to our system and storing it in it (including third party systems, e.g., our email, CRM), and responding to you by email or any other means of contact provided by you. We also keep record of all our correspondence with you.

We are collecting your data, transmitting it to our system and storing it in it (including third party systems, e.g., our email, CRM), and responding to you by email or any other means of contact provided by you. We also keep record of all our correspondence with you.

Collection of data, aggregation and statistical analysis, report generation, record keeping and storage.

Collection of data, analysis of such data, correspondence with you through the means of contact you have provided us with, record keeping of data.

*** We collect recruitment data through the use of a designated third-party system.

Cookies & Pixel Usage

Our website includes tracking technologies such as Cookies and Pixels. These tracking technologies are used for the purpose of gathering some information automatically, by ourselves or by third party service providers on our behalf.

We may use various types of Cookies and Pixels:

• Essential – which are necessary for the site to work properly (usually appears under our name/cookie tag);
• Functional – designated to save your settings on the website – your language preference or other view preferences;
• Targeting – used to collect information from you to help us improve our products and services and serve you with targeted advertisements that we believe will be relevant to you (e.g., Google’s Cookies);
• Social networks – Social Plug-In Cookies (e.g., Facebook, Twitter, LinkedIn Cookies, or pixels, etc.) enable sharing your usage information with your social network’s accounts;
• Analytics – give us aggregated and statistical information to improve the website and further developing it (e.g., Google analytics, Google Firebase Crashlytics, etc.);
• Third-party services used by us – an external service which provides us with services which allow us to provide you with the services.

Please note that the data collected by the use of Cookies and Pixels may be linked to and combined with any other data, including Personal Data.

Also note that Cookies and Pixels data is usually collected through third-party service providers, like Google, Facebook, etc. In those cases, your Personal Data might be transferred to those third parties, which might use it, as a “joint controller” or “Co-Controller” of the data, meaning that the data is also “owned” and processed by them under their terms and conditions. Under those terms and conditions and the direct accounts or subscriptions you have with those third parties, your Personal Data might be linked to other data collected by the relevant third party and processed in its systems, for its purposes, and under its management. For example, suppose you have a Facebook account, the Personal Data collected through Facebook’s Cookies in our website might be linked to other data Facebook collects and might be used by Facebook per the independent agreements between you and Facebook.

What Are Your Choices Regarding Cookies?

If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser, or use the designated Cookies Bar in the Website.

Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

For the Chrome web browser, please visit this page from Google

For the Internet Explorer web browser, please visit this page from Microsoft

For the Firefox web browser, please visit this page from Mozilla

For the Safari web browser, please visit this page from Apple

For any other web browser, please visit your web browser’s official web pages.

Where Can You Find More Information About Cookies?

You can learn more about cookies in the following third-party websites:

All About Cookies:

• Network Advertising Initiative
• Sharing Data with Third Parties

We do not share any Personal Data collected from you with third parties or any of our partners except in the following events:

• Legal Requirement: We will share your information in this situation only if we are required to do so to comply with any applicable law, regulation, legal process, or governmental request (e.g., to comply with a court injunction, comply with tax authorities, etc.);
• Policy Enforcement: We will share your information, solely to the extent needed to (i) enforce our policies and agreements; or (ii) to investigate any potential violations thereof, including without limitations, detect, prevent, or take action regarding illegal activities or other wrongdoings, suspected fraud or security issues;
• Company’s Rights: We will share your information to establish or exercise our rights, to prevent harm to our rights, property, or safety, and to defend ourselves against legal claims, when necessary, subject to applicable law;
• Third Party Rights: We will share your information, solely to the extent needed to prevent harm to the rights of our Users, yourself, or any third party’s rights, property, or safety;
  Business Purpose: we may disclose your personal information to a third-party for a business purpose, as detailed above.
• Service Providers: we share your information with third parties that perform services on our behalf (e.g. customer service, tracking, servers, service functionality, marketing, and support, etc.) these third parties may be located in different jurisdictions.
• Corporate Transaction: we may share your information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy;
• Authorized Disclosures: we may disclose your information to third-parties when you consent to a particular disclosure. Please note that once we share your information with another company, that information becomes subject to the other company’s privacy practices.
  Your Data Subjects’ Rights Under Privacy Protection laws

Under EU law, EU residents and individuals have certain rights to apply to us to provide information or make amendments to how we process data relating to them. Those rights might include:

• right to access your Personal Data – you can ask us to confirm whether or not we have and use your Personal Data, and if so, you can ask for a copy of your data;
• right to correct your Personal Data – you can ask us to correct any of your Personal Data records that is incorrect, after verifying the accuracy of the data first;
• right to erase your Personal Data – you can ask us to erase your Personal Data if you think we no longer need to use it for the purpose we collected it from you. You can also ask for such erasure in any case in which the process of your data was based on your consent, or where we have used it unlawfully, or where we are subject to a legal obligation to erase your Personal Data. Any request for such erasure will be subject to our obligations under the law (e.g., our obligation to keep some records for tax or customs purposes);
• right to restrict our use in your Personal Data – you can ask us to restrict our use of your Personal Data in certain circumstances;
• right to object to how we use your Personal Data – you can object to any use of your Personal Data which we have justified by our legitimate interest if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information;
• you can always require us to refrain from using your data for direct marketing purposes; and
• you can ask us to transfer your information to another organization or provide you with a copy of your Personal Data (Portability Right).

We may not always be able to do what you have asked us to. Also, not all those rights apply in every jurisdiction. Yet, we encourage you to contact us with any such request, and we will be happy to assist you.

In addition, you have the right to lodge a complaint at any time before the relevant supervisory authority for data protection issues. However, we will appreciate the chance to deal with your concerns before you approach the authorities, so please feel free to contact us in the first instance.

Though those rights principally apply under the GDPR towards EU residents, similar rights may apply in other jurisdictions, to some extent, in accordance with the relevant jurisdiction. Thus, if you are not an EU resident but still have any such request, we encourage you to contact us with any such inquiry and we will do our best to assist you, in accordance with the applicable law and our legitimate and lawful interests.

Data Retention

Unless you instruct us otherwise and subject to applicable laws, we retain the information we collect for as long as needed to provide our services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable.

Also, we may keep some of your Personal Data as a user of our Services for more extended periods for protecting our legal interests or under any safety or other legal requirements.

As for Cookies data and technical marketing data, usually the data will be retained in an identified manner for periods of 14-36 months, subject to the relevant system. However, note that as explained before, once you delete the Cookies from your computer or otherwise restrict the use of cookies, we will have no linkage between your identity and your Cookies data (yet, the third-party provider may have such data relating to you, under the separate terms between you and any such third party, e.g., Facebook’s terms of use as a user of Facebook).

Recruitment data will be retained up to 7 years after the last recruitment activity, for allowing to protect ourselves from any potential legal suit, in accordance with Israel’s statute of limitations.

Please note that where we act as a Processor on behalf of an account owner, the retention periods are under the sole discretion of the account owner, as the Data Controller.

Data Processing Location

We may store or process your Personal Data in a variety of countries, including the United States.

Any transfer of data that originates in the EU to a country outside of the European Economic Area (EEA), shall be made in compliance with the provisions of chapter 5 of the GDPR, e.g.:

• transfer to a country that is recognized as providing an adequate level of legal protection;
• transfer under a proper agreement containing the Standard Contractual Clauses published and authorized by the relevant EU authority;
• where we can be satisfied those alternative arrangements are in place to protect your privacy rights through the use of any other mechanism under the GDPR.

It is important to note that we are headquartered in Israel, a country that the European Data Protection Board considers offering an adequate level of Personal Data protection regulation.

Suppose you are a resident of a jurisdiction where the transferring of your Personal Data requires your consent. In that case, your consent to this Privacy Policy includes your express consent for such transfer of your data.

Security & Data Transfer

We take great care in implementing physical, technical, and administrative security measures that we believe comply with applicable regulation and industry standards to prevent your information from being accessed without the proper authorization, improperly used or disclosed, unlawfully destructed, or accidentally lost. You need to remember, however, that unfortunately, the transmission of information via the internet cannot be 100% secure. As such, although we will do our best to protect your Personal Data, we cannot guarantee the full security of data transmitted via our website, and any transmission of your data shall be done at your own risk.

Also note that, as we may use third party service providers and our website uses third party cookies as described above, your Personal Data might be processed in other territories outside your jurisdiction. We will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer, in accordance with applicable law. You may exercise your rights, where applicable, to receive information on such a transfer mechanism.

Children

Our website is not directed, nor is it intended for use by children (the phrase “child” shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 16 and with respect to the U.S.A, under the age of 13) and we do not knowingly process a child’s information. We will discard any information that we receive from a User who is considered a “child” immediately upon discovering that such a user shared information. Please contact us if you have reason to believe that a child has shared any information with us.

Representative for data subjects in the EU and UK

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit this website.