MedCert understands the importance of keeping your data private, particularly your medical data. We strive to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy.
This policy covers:
1. Who we are;
2. What personal data we collect and how we collect it;
3. What we use your personal data for;
4. Sharing your personal data;
6. Data security and transfers;
7. Embedded content from other websites; and,
8. Your rights.
If you have any further questions about how we process your information, please don’t hesitate to get in touch by contacting our Data Protection Officer: Address: Data Protection Officer, MedCert, 1 High Street, Watlington, OX49 5PH
Who we are
Our website address is: https://medcert.co.uk.
MedCert provides medical reports for those applying for, or renewing, a shotgun or firearms licence. These are provided in and through the format specified by the relevant licensing authority.
Any references to “MedCert”, “our”, “us” and “Company” are references to MedCert Limited, a limited company registered in England and Wales (company number 12134380), the registered office being 20-22 Wenlock Road, London, N1 7GU.
What personal data we collect and why we collect it
We use the following categories of personal data:
When you register with us, you complete forms and provide us with information about yourself, such as your name, date of birth, physical address, email address, and licensing authority. You are responsible for the accuracy of the information that you provide to us.
If you use our contact form we will utilise your name, contact details and query to provide customer service, and store this information for up to one year.
Health and medical information
The main type of information we hold about you is health and medical information: information about your GP, and the copy of your medical records submitted to us by your record holder (for example your GP, specialist referral services, therapists, and hospitals) or by yourself.
If you make any payments on the website, your credit/debit card details are processed directly by a third party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your credit or debit card information.
Technical information and analytics
When you visit our website, we may automatically collect the following information where this is permitted by your device or browser settings:
• technical information, including the address used to connect your mobile phone or other device to the Internet, your login information, system and operating system platform type and version, device model, browser or app version, time zone setting, language and location preferences, wireless carrier and your location (based on IP address); and
• information about your visit (such as your total number of pageviews), including products and services you viewed or used, interaction information and any phone number used to call our customer service number.
What we use your personal data for
The purposes for which we use your personal data and the legal grounds on which we do so are as follows:
Providing you a service
• We obtain and use your personal details and financial details in order to establish and deliver our contract with you and (if applicable) charge you correctly.
• We obtain and use your medical information because this is necessary for the service you purchase from us. This may involve us liaising with other healthcare professionals who have provided, are providing, or will provide care to you, such as your GP, specialist referral services, therapists, and hospitals.
Keeping you up to date
• We use your email address, phone number and/or details to contact you or present you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time.
• Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to troubleshoot bugs within our website, forecast demand for service and understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you – it is only about improving our offering so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
• Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection.
Sharing your personal data with others
Information sharing with other healthcare providers
• We may share your personal data with your healthcare provider to access your medical records, or to follow up on a request for your medical records which is being processed.
• We may also share your information with your healthcare provider in order to discuss clinical information that has been shared by them or yourself.
Information sharing with your licensing authority
• We may, as per the requirements of your licensing authority or as deemed necessary by them and/or us and/or yourself, share your information with your licensing authority. This includes your personal information and your completed medical report.
• We may display on our website or share with our commercial partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service.
• We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person.
Except as described above, we will never share your personal information with any other party without your consent.
We securely store the copy of medical records for three months in order to facilitate any follow-up queries arising from your medical report. Following this we securely destroy the records unless we have received prior notice, in writing, that you would like the copy returned to you.
We also securely store a digital copy of your proforma and your basic customer details (such as name, customer number and contact details) so that we may provide a better service to you in future.
Data storage, security and transfers
We store all your data on secure servers or, in the case of paper information, in secure storage.
Where you have chosen a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
We do not store any credit or debit card information. Payments are processed via a third-party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology.
Your data may be processed or stored via destinations outside of the UK and the European Economic Area (EEA), but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
What rights you have over your data
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by contacting us. You also have specific rights under the GDPR and DPA to:
• wherever we process data based on your consent, withdraw that consent at any time.
• understand and request a copy of information we hold about you. You can make this request by contacting us.
• ask us to rectify or erase information we hold about you, subject to limitations relating to our obligation to store data for administrative, legal, or security purposes, and/or for prescribed periods of time;
• ask us to restrict our processing of your personal data or object to our processing; and
• ask for your data to be provided on a portable basis.
You may also contact the Information Commissioner’s Office (the data protection regulator in the UK): Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate).
For any questions or concerns, you can contact us at MedCert, 1 High Street, Watlington, OX49 5PH, or at firstname.lastname@example.org