Please read the following information carefully. This privacy notice contains information about what data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.
Who are we?
MTM Global Limited collects, uses and is responsible for personal information about you. When we do this, we are the ‘controller’ of this information for the purposes of the General Data Protection Regulation and other applicable data protection laws.
Our Data Protection Officer is Helen Norris and our Data Protection Team can be contacted at email@example.com.
Information collected by us
Personal data, or personal information, means any information about an individual from which a person can be identified. We may collect, use, store and transfer the following different kinds of personal data about you:
- Telephone number
- Email address
- Date of birth
- Medical history
- Marketing preferences
- Country of Residence
How is your personal data collected?
We only collect data from and about you by you giving us your personal information by filling in forms, questionnaires or by corresponding with us by phone, email or otherwise or automatically when you visit our website (see the “Cookies” section below).
How do we use your Personal Data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override these interests.
- Where we need to comply with a legal obligation
Generally, we do not rely on consent as a legal basis for processing your personal data other than your medical history.
We will however get your consent before sending direct marketing communication to you via email.
You have the right to withdraw your consent either to our processing of your medical history data or to marketing at any time by contacting us.
We have set out below, in a table format, a description of the ways we plan to use your personal data, and which legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
|Purpose/Activity||Lawful basis for processing (including basis of legitimate interest)|
|To register you as potentially interested in services from a healthcare provider listed on our website.||Necessary for our legitimate interests (to develop our services and grow our business)|
|To deliver relevant content to you and measure or understand the effectiveness of providing said content||Necessary for our legitimate interests (to study how website users, patients and/or other healthcare providers may use our services, to grow our business and to inform our marketing strategy|
|To assist healthcare providers in their evaluation of your suitability for a procedure or treatment||Your consent|
You can ask us to stop sending you messages at any time by contacting us as per the details at the bottom of this privacy notice.
Who will we share your personal information with?
We will not share your personal data with any third party for marketing purposes.
We have relationships with a number of third parties that we may share your personal data with e.g. for us to receive IT services. For a list of these third parties please contact our Data Protection Team at the above address.
We will share personal information with healthcare providers who you have indicated to us you may be interested in receiving treatment and/or procedures from.
We will share personal information with law enforcement agencies if required by applicable law.
We will not share your personal information with any other third parties without your consent.
How long will we store your personal information
We will only retain your personal data for as long as reasonably necessary to fulfil the purpose we collected it for, including for the purpose of satisfying any legal or regulatory requirements. In some circumstances you can ask us to delete your personal data (see “Your rights” below).
Transferring your personal information outside the EEA
In order to deliver services to you it may sometimes be necessary for us to share your personal information outside the European Economic Area (“EEA”) specifically in circumstances where a healthcare provider, in respect of whom you are interested in receiving procedures and/or treatments from, is located outside of the EEA.
These transfers are subject to special rules under European and UK data protection law.
The following countries to which we may transfer personal information have been assessed by the European Commission as providing an adequate level of protection for personal information:-
Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay and the United States of America (limited to the privacy shield framework)
Except for the countries listed above, these non-EEA countries do not have the same data protection laws as the United Kingdom and the EEA. We will, however, ensure that the transfer complies with data protection law and all personal information will be secure. Our standard practice is to use standard data protection contract clauses that have been approved by the European Commission. To obtain a copy of those clauses, please contact us.
Under the General Data Protection Regulation, you have a number of important rights that you can exercise free of charge. In summary, these rights are:
- Transparency over how we use your personal data and fair processing of your information;
- Access to your personal information and other supplementary information;
- Require us to correct any mistakes or complete missing information we hold on you;
- Require us to erase your personal information in certain circumstances;
- Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;
- Object at any time to processing of your personal information for direct marketing;
- Object in certain other situations to the continued processing of your personal information;
- Restrict our processing of your personal information in certain circumstances;
- Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way.
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR
If you want to exercise any of these rights, please:
- Email, call or write to our Data Protection Team at the above address;
- Provide other information so that we can identify you. We may need to contact you to request further information to verify your identity;
- Let us have proof of your identity and address;
- State the right or rights that you wish to exercise.
We will respond to you within one month from when we receive your request.
How to make a complaint
Please get in touch if you have any issues or complaints (see “Get in touch” below).
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular, in the European Union (or European Economic Area) state where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority if the Information Commissioner’s Office who can be contacted at https://ico.org.uk/concerns/.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties, who have a business need to know. They will only process your personal data on our instructions and they are subject to confidentiality restrictions.
If you require further information about how we protect your data, please contact Helen Norris (see “Get in touch” below).
We do not intend to process your personal information for any reason other than stated within this privacy notice. If this changes we will inform you.
For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of your internet service provider. This information helps us to build a profile of our users and how our website is used as well as gathering performance data for our website. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
For further information on cookies generally, including how to control and manage them, visit the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.
We will ask for your permission to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested.
The table below provides more information about the cookies we use and why:
|__atuvc||This cookie is set by Addthis to make sure you see the updated count if you share a page and return to it before our share count cache is updated.||1 year||Functional|
|__atuvs||This cookie is set by Addthis to make sure you see the updated count if you share a page and return to it before our share count cache is updated.||30 minutes||Functional|
|_ga||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.||2 years||Analytics|
|_gid||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.||1 day||Analytics|
|_gat_gtag_UA_145742698_1||Google uses this cookie to distinguish users.||1 minute||Analytics|
|uvc||The cookie is set by addthis.com to determine the usage of Addthis.com service.||1 year||Analytics|
|loc||This cookie is set by Addthis. This is a geolocation cookie to understand where the users sharing the information are located.||1 year||Advertisement|
|_fbp||This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.||2 months||Advertisement|
|fr||The cookie is set by Facebook to show relevant advertisements to the users and measure and improve the advertisements. The cookie also tracks the behaviour of the user across the web on sites that have Facebook pixel or Facebook social plugin.||2 months||Advertisement|
|IDE||Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.||1 year||Advertisement|
How to turn off all cookies and consequences of doing so
If you do not want to accept any cookies, you may be able to change your browser settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our website.
For further information about cookies and how to disable them please go to the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.
Changes to this privacy notice
This privacy noticed was published on 5 June 2020.
We constantly review our internal privacy practices and may change this policy from time to time. When we do we will inform you.
Get in touch
If you have any questions about this privacy notice or the information we hold about you or wish to opt-out please contact our Data Protection Team at firstname.lastname@example.org.
If it would be helpful to have this notice provided in another format (for example: in another language, audio, braille) please contact us (see “Get in touch” above).