Last revised October 19, 2021
Medocal Limited, Grigori Afxentiou 39, Academia Centre, Block C, Office 101, Larnaca 6021, Cyprus (“Medocal Company” or “we” or “our“) and each of its affiliates in Cyprus takes data privacy seriously. This Privacy Policy informs the users of medocal.com and any other Company-owned websites or mobile applications on which this Privacy Policy is displayed (“Website“) how we, as controller within the meaning of the General Data Protection Regulation (“GDPR“) collect and process the personal data and other information of such users in connection with their usage of the Website.
1. Categories of Personal Data and Processing Purposes – What personal data do we process about you and why?
Personal data, or personal information, means any information about an individual from which that person can be identified.
Metadata
You may use the Website without providing any personal data about you. In this case, we will collect only the following metadata that result from your usage of the Website: browser type and version, operating system and interface, website from which you are visiting us (referrer URL), webpage(s) you are visiting on our Website, date and time of accessing our Website, and internet protocol (IP) address.
Your IP address will be used to enable your access to our Website. The metadata, including the shortened IP address, will be used to improve the quality and services of our Website and services by analysing the usage behaviour of our users.
If you fail to provide personal data:
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the services we provide to you, but we will notify you if this is the case at the time.
Account
If you create an account on our Website you will be asked to provide the following personal data about you: contact name, company name, company address, email address, telephone number, selected password for your account, payment details, invoicing and delivery address and your preferences in receiving marketing from us (voluntary). We process such personal data for purposes of account administration, answering your queries or information requests, providing desired products or services, providing you with marketing materials where you have provided consent for us to do so, to the extent permitted by applicable law, analysing your interests for marketing purposes, improving our Website according to usage patterns, and for technical administration or other purposes to which you have agreed.
Product Orders
If you order a product via our Website we collect and process the following personal data about you: contact name, company name, company address, email address, telephone number, payment details, invoicing and delivery address, type and amount of product, purchase price, order date, order status, product returns, customer care requests, and your preferences in receiving marketing from us (voluntary). We process such personal data for purposes of carrying out the contractual relationship and the product order, providing customer care services, compliance with legal obligations, defending, establishing and exercising legal claims, providing you with marketing materials where you have provided consent for us to do so, to the extent permitted by applicable law, and analysing your interests for marketing purposes.
Newsletter
If you request to receive our newsletter, we collect and process the following personal data about you: name, email address and your preferences in receiving marketing communications (voluntary). We process such personal data for purposes of providing the newsletter and other marketing materials to the extent permitted by applicable law and where you have provided us consent to do so, and analysing your interests for marketing purposes.
Contact Us
On our website, we offer you the opportunity to contact us via a contact form. For this we need the following personal data from you: name and email. The personal data that you provide us in the context of this contact request will only be used to answer your inquiry and for the technical administration thereof. The transfer to third parties does not take place. Your personal data will be deleted as soon as we have processed your request or you revoke the consent you have given.
2. Processing Basis and Consequences – What is the legal justification for processing your personal data and what happens if you choose not to provide it?
We rely on the following legal grounds for the collection, processing, and use of your personal data:
- your consent to the processing of your data for one or more specific purposes (as detailed in Section 1) ; or if
- we have a legitimate interest in doing so (including but not limited to) a legitimate interest in performing marketing activities, research activities, data analytics, internal administration functions, processing and enforcing legal claims and conducting our business in compliance with all applicable laws, relevant industry standards and our policies.
The provision of your personal data is not required by a statutory or contractual obligation. The provision of your personal data is not necessary to enter into a contract with us or to receive our services/products as requested by you. The provision of your personal data is voluntary for you.
Not providing your personal data may result in disadvantages for you, for example, you may not be able to receive certain products and services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.
3. Categories of Recipients and International Transfers – Who do we transfer your personal data to and where are they located?
We may transfer your personal data to third parties for the processing purposes described above as follows:
- Depending on the categories of personal data and the purposes for which the personal data has been collected, different internal departments within our Company may receive your personal data. For example, our IT department may have access to your account data, and our e-commerce and sales departments may have access to your account data or data relating to product orders. Moreover, other departments within our Company may have access to certain personal data about you on a need to know basis, such as the legal department, the finance department or internal auditing.
- With data processors: Certain third parties, whether affiliated or unaffiliated, may receive your personal data to process such data under appropriate instructions (“Processors“) as necessary for the processing purposes described above, such as website service providers, order fulfilment providers, customer care providers, marketing service providers, IT support service providers, and other service providers who support us in maintaining our commercial relationship with you. The Processors will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard the personal data, and to process the personal data only as instructed.
- Other recipients: We may transfer – in compliance with applicable data protection law – personal data to law enforcement agencies, governmental authorities, judicial authorities, legal counsel, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition. We will not disclose your personal data to third parties for advertising or marketing purposes or for any other purposes without your permission.
Any access to your personal data is restricted to those individuals that have a need-to-know in order to fulfil their job responsibilities.
4. Retention Period & Data Security
Your personal data will be retained as long as necessary to provide you with the services and products requested. Once you have terminated the contractual relationship with us or otherwise ended your relationship with us, we will remove your personal data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which our company is subject–e.g., taxation purposes).
We may retain your contact details and interests in our products or services for a longer period of time if MEDOCAL LTD is allowed to send you marketing materials. Also, we may be required by applicable law to retain certain of your personal data for a period of 10 years after the relevant taxation year. We may also retain your personal data after the termination of the contractual relationship if your personal data are necessary to comply with other applicable laws or if we need your personal data to establish, exercise or defend a legal claim, on a need to know basis only. To the extent possible, we will restrict the processing of your personal data for such limited purposes after the termination of the contractual relationship.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, disclosed used or accessed in an unauthorised way. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
5. Your Rights – What rights do you have and how can you assert your rights?
Right to withdraw your consent: If you have declared your consent regarding certain collecting, processing and use of your personal data (in particular, regarding the receipt of direct marketing communication via email, telephone/SMS and postal), you can withdraw this consent at any time with immediate effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. Please contact us to withdraw your consent. Further, you can object to the use of your personal data for the purposes of marketing without incurring any costs other than the transmission costs in accordance with the basic tariffs.
Additional data privacy rights: Pursuant to applicable data protection law, you may have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data; (iv) request restriction of processing of your personal data; (v) request data portability; and/or (vi) object to the processing of your personal data (including objection to profiling).
Please note that these aforementioned rights might be limited under the applicable local data protection law. Below please find further information on your rights to the extent that the GDPR applies:
- Right to request access to your personal data: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. This access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access. You may have the right to obtain a copy of the personal data undergoing processing free of charge. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
- Right to request rectification: You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to request erasure (right to be forgotten): Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.
- Right to request restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In such case, the respective data will be marked and may only be processed by us for certain purposes.
- Right to request data portability: Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
- Right to object:Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Such right to object may especially apply if we collect and process your personal data for profiling purposes in order to better understand your interests in our products and services or for direct marketing. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. You may exercise this right by contacting us as stated in Section 7 below. Such a right to object may, in particular, not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded. If you no longer want to receive direct marketing via email, telephone/SMS, and postal, you need to withdraw your consent as explained at the start of Section 5.
- Right to lodge a complaint with the supervisory authority in Cyprus, the Office of the Commissioner of Personal Data (www.dataprotection.gov.cy).
Children: We do not knowingly collect information from children or other persons who are under 18 years old. If you are under 18 years old, you may not submit any personal data to us.
To exercise your rights, please contact us.
6. Cookies and other tracking technologies
This Website uses cookies and other tracking technologies.
What is a cookie?
A cookie is a small text file a web portal installs on your computer, tablet or smartphone when you visit the portal. Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser. Cookies can help us in many ways, they make it for example possible for the portal to remember certain entries and settings (e.g. login info, language, font size and other display preferences) for a specific period of time so you do not have to re-enter this information every time you visit and navigate the portal., for example, by allowing us to tailor a Web site to better match your interests or to store your password to save you having to re-enter it each time. Furthermore, when you visit our website you may notice some cookies that aren’t related to us. If you go on to a web page that contains embedded content, you may be sending cookies from these websites.
If cookies aren’t enabled on your computer you will still be able to browse medocal.com but your experience will be limited and you may not be able to add items to your cart.
Using your web browser’s settings you can view the cookies on your computer, remove all or some cookies and set rules on when to allow and not allow cookies to be set
We don’t control the setting of these cookies, so we suggest you check the third-party websites for more information about their cookies and how to manage them. If you do not wish to receive cookies, please configure your Internet browser to erase all cookies from your computer’s hard drive, block all cookies or to receive a warning before a cookie is stored.
For more information on how to manage cookies in your particular web browser we recommend you visit www.aboutcookies.org.
What are your choices regarding cookies?
If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.
Please note, if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
How we use cookies and for which purpose:
The Cookies used on medocal.com website are categorised using the categories in https://gdpr.eu/cookies/. Here is a list of the main cookies we use and what we use them for.
Category 1: Strictly necessary cookies.
These cookies are essential for the operation of our website and online tools or services. They include, for example, cookies that enable you to log into private areas of our website. For those type of cookies that are strictly necessary, no consent is required.
Purpose of cookie
These cookies are required to make the core functionality of the website to work. They ensure that your shopping selections are carried through your journey by preserving your states across page requests.
Category 2: Google Analytics, Google Signals, performance and statistics cookies.
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
In case IP-anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. The IP-anonymization is active on this website.
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.
The IP-address, that your Browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Add on for your current web browser: tools.google.com/dlpage/gaoptout.
As an alternative to the browser plug-in and especially for mobile browsers, please click on the following link to set an opt-out cookie. This opt-out cookie prevents detection by Google Analytics within this website. https://www.medocal.com/data-protection-policy/?google-analytics-opt-out=true
We also use the web analysis service, Google Signals. Via Google Signals, Google provides us with reports on cross-device user numbers, as well as different groups of users, based on different device combinations. In order to do so Google uses the data of users who have activated the option “personalized advertising” in their Google account settings. Google Signals can only be used with activated IP anonymization. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. Thus, no conclusions can be drawn as to the identity of a single user.
You can object to the collection of your data via Google Signals, at any time via disabling “personalised advertising” in your Google Account: https://support.google.com/ads/answer/2662922?hl=en
Additional information on how Google handles personal data in its advertising network can be found here: Advertising and Privacy
Purpose of cookie
Various unique identifiers. Google set a number of cookies on any page that includes a Google Map or YouTube Video. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.
Expiration Date
Most of the cookies expire 10 years after your last visit to a page containing a Google Map.
Category 3: Advertising, Targeting, marketing & 3rd party cookies.
These cookies are used to deliver adverts that are relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaigns. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
Controlling cookies
You can randomly manage and/or delete these cookies. You can delete all of the cookies stored on your computer and you can set up most browsers in such a manner that the archiving of cookies is prevented in the first place.
However, if you do this, you may have to manually adjust some settings every time you visit and live with the impairment of some of the functions.
7. Questions and Contact Information
For further information and to exercise your statutory rights according, please contact us at: info@medocal.com.
8. Changes to this Privacy Policy
We may update this Privacy Policy from time to time in response to changing legal, regulatory or operational requirements. We will notify you of any such changes, including when they will take effect, by updating the “Last revised” date above or as otherwise required by applicable law.
Your continued use of our website after any such updates take effect will constitute acceptance of those changes. If you do not accept updates to this Privacy Policy, you should stop using our website.
