1. Who we are
2. What information we collect about you
3. How we collect the information
4. How we use that information
5. How we share information that we collect
6. How we store and secure information that we collect
7. Your rights as a data subject
8. How you can access and control your information
9. Other important details
MedoSync is a technology platform that allows for the efficient and accurate collation, completion, submission, tracking and reconciliation of health insurance claims. If you have a query in relation to how your data is handled, you can contact us by email: firstname.lastname@example.org
MedoSync collects the following information: Personal Data. “Personal Data” is information that, directly or indirectly, identifies you or another individual and which may include: Name, title, company name, job function, expertise, postal address, telephone number, email address, date of birth, age, browser and device information (including IP Address), and information collected through cookies and other similar technologies. If you submit any Personal Data relating to other people to us or to our service providers, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice. Special categories of Personal Data (sensitive data) is collected, when provided by you, and may include: Gender and medical records. Other Information. “Other Information” is any information that does not and cannot be used to reveal your identity or that of another individual, such as information which has been fully and permanently anonymised. We use this information for other purposes as described below.
MedoSync collect Personal Data, Sensitive Data and Other Information in a number of ways:
From you: MedoSync collects information such as your name, date of birth, age, gender, phone number, personal email, work email, personal address, work address and medical records when you voluntarily provide this data to us.
Offline: We may collect information from you offline, such as during phone calls with our employees, or when you contact us.
Information from other sources: MedoSync collects information from clinics and hospitals (such as your name, date of birth, age, gender, phone number, personal email, work email, personal address, work address and medical records) when you voluntarily provide this data on your insurance claim form and consent for this information to be provided to us, by your clinic or hospital.
Via your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, and the name and version of the site you are using. Your IP Address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP Address may be identified and logged automatically in our server log files whenever you access the website, along with the time of the visit and the page(s) that you visited. Collecting IP Addresses is standard practice and is done automatically by many websites, applications and other services, such as Google Analytics. MedoSync may use IP Addresses to calculate usage levels of the web site, to administer the site and to diagnose problems with servers.
Via cookies and other similar technologies: “Cookies” include commonly used pieces of information in the form of small files that are placed on an individual’s device to enable the individual to more easily communicate and interact with the website. When you visit a website, it can send one or more cookies to your device. These cookies enable us to store information about your device which helps us, amongst other things, to provide you with a good experience when you browse and enhance the level of services and functions provided. Please review our Cookies Policy (which can be found on our website) for more information.
Via recruitment and employment processes We will process certain personal information about our employees, that we collect during the job interview process, at the start of employment and during the course of employment. We process this personal data to the extent permitted or required under applicable law, for purposes connected with employment, such as human resources, payroll management and administration.
We use Personal Data: To facilitate the claiming of the cost of health treatments or investigations that have been carried out i.e., assisting a patient to submit a health insurance claim to their health insurer. To send information and materials regarding our products and services. To send administrative information such as changes to our terms, conditions, and policies. To send you marketing communications, with your consent, including via email in compliance with applicable laws and in accordance with your preferences, that we believe may be of interest to you. To administer and protect our business and platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). For our business purposes, such as data analysis, audits, developing new products, enhancing, improving or modifying our website and services, identifying usage trends, determining the effectiveness of our operations and expanding our business activities. For recruitment and employment purposes, such as staff management, performance review, training records, appointments, removals, personal development and administration. As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect our rights, privacy, safety or property, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal grounds we are relying on to process your personal data where more than one ground has been set out in the table below.
Type of data
Lawful basis for processing including basis of legitimate interest
To submit a patient’s insurance claim form to the health insurer.
Personal data, Sensitive data.
With the patient’s consent. Where processing is necessary in the performance of a contract with a hospital or clinic.
To send information and materials regarding our products and services. To send administrative information such as changes to our terms, conditions, and policies.
Where processing relates to the performance of a contract with a hospital or clinic.
To send hospitals and clinics marketing communications, including via email in compliance with applicable laws and in accordance with your preferences, that we believe may be of interest to you.
Personal data, Other information
With the consent of the personnel within the hospital and/or clinic.
To administer and protect our business and platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
Personal data, Other information
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). Necessary to comply with a legal obligation.
For our business purposes, such as data analysis, audits, developing new products, enhancing, improving or modifying our platform and services, identifying usage trends, determining the effectiveness of our operations and expanding our business activities.
Personal data, Other information
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
For recruitment and employment purposes, such as staff management, performance review, training records, appointments, removals, personal development and administration.
Personal data, Sensitive data.
Necessary for the performance of our contract with each employee.
As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect our rights, privacy, safety or property, of you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Personal data, Sensitive data.
Necessary to comply with a legal obligation. Necessary for our legitimate interests to prevent fraud.
We share your Personal and Sensitive Data with your health insurance company using appropriate organisational and technical measures in order to protect your data. If you would like more information about the safeguards that are in place in connection with these transfers, please contact us using the contact details in Section 1.9. We may release Personal Data as we believe necessary and appropriate to law enforcement, tax, fraud prevention, credit risk agencies and other companies and organisations for the reasons given under Section 1.4 above. We use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Data under applicable law, then we would use or disclose it in the same way that we use and disclose Personal Data. In some instances, we may combine Other Information with Personal Data (such as combining your name with the name of your organisation). If that combination permits you to be identified, we will treat the combined information as Personal Data for as long as it is combined.
We have implemented appropriate organisational, technical, and administrative measures to protect data within our organisation, including security controls to prevent unauthorised access to our systems. While we take reasonable steps to secure your data from loss, misuse, interference and unauthorised access, modification and disclosure, you should be aware no security procedures or protocols are ever guaranteed to be 100 percent secure from intrusion or hacking, and there is therefore always some risk assumed by sharing Personal Data online. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the Contact Us section below.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply, you have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
Right to complain and judicial review: in the event that MedoSync refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in Section: Other important details.
If you would like to access, correct, amend, remove, object or limit the use or disclosure of any Personal Data about you that has been collected and stored by MedoSync, or have it transferred to another organisation, please notify us at email@example.com so that we may consider and respond to your request in accordance with applicable law. You can opt-out of receiving marketing messages from MedoSync by unsubscribing through the unsubscribe or opt-out link in an email or by sending an email to firstname.lastname@example.org. We will comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages. For your protection, we only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we need to verify your identity before implementing your request. We will action your request within one month. Please note that we need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such access, change or deletion.
How long MedoSync will retain your Personal Data
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We operate a Data Retention Policy and Schedule, which can be viewed by request to email@example.com. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Third Party Sites
Personal data of Children
MedoSync may process information about minors under the age of 18, where their information has been provided, and where the processing has been consented to, by the parent or legal guardian.
Your right to make a complaint
MedoSync will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need. You also have the right to complain to a data protection authority about our collection and use of your Personal Data. Their contact details are as follows:
Data Protection Commission
21 Fitzwilliam Square South
1. What are cookies?
2. How do we use them?
3. Cookie classifications
4. Cookies that MedoSync use
5. Essential and non-essential cookies
7. Other information on coookie policy
8. How to contact us
MedoSync uses this information to better understand website usage so that we know what areas of our website users prefer and to improve your experience while you navigate through the website. This information is stored in log files and is used for statistical reporting.
MedoSync uses two classifications of cookies: Strictly Necessary Cookies, which are defined as cookies which are required to help keep data safe and are essential for the website to function properly. These cookies ensure basic functionalities and security features of the website. They allow you to move between different pages on our site. They also help to keep your details secure. Not Strictly Necessary Cookies, which are defined as cookies that help us improve the performance of our site. They tell us how pages are used, which ones are commonly viewed and help us piece together a full picture of a typical customer journey through the site. They also tell us if any errors occur.
There are two types of cookies on our websites, which fall under the two classifications:
Strictly necessary cookies – A strictly necessary cookie is a cookie that is essential for you to browse the website and use its features, such as a session cookie which exists only while the user is reading and navigating the website. Session cookies enable users to carry out essential tasks on our site. Without session cookies, the site will not function correctly. Functional cookies – A functional cookie helps to perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback and other third-party features.
Analytics cookies – An analytic cookie is used to understand how visitors interact with the website. These cookies help provide information and metrics on the number of visitors, bounce rates, traffic sources etc. Analytics cookies can include:
Persistent cookies – A persistent cookie will outlast a user’s session. This could be used to record a vital piece of information such as how the user initially came to this website, or to record details about the last browsing session on the site. For this reason, persistent cookies are also called tracking cookies.
Some cookies are essential in order for users to use the website. These are not stored in your computer or mobile device and they do not contain any personal data. You can delete these cookies, however the site may not function appropriately. Here is a list of essential cookies:
These assist with the onsite customer experience and alert MedoSync of any issues that customers might be experiencing. They expire when you terminate the browser session. Expiry - once session has terminated.
Facilitates the storing of user consent for cookies in the categories of Functional, and Analytical cookies. Expiry - 11 months
Non–essential cookies are usually supplied by our business partners and help provide information relevant to you as well as for analytical purposes. Here is a list of non-essential cookies:
Google Analytics cookies
Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. Expiry - 2 years
For more information on cookies policy and cookie legislation, please visit the following sites:
Cookies PolicyMost web browsers give you some control over cookies through the browser settings. However, turning cookies off may interfere with your browsing experience. For instructions on how to manage and disable cookies, see the privacy and help documentation of your specific browser’s website. If you use more devices and/or browsers you will need to disable cookies on each device and on each browser separately.