Medix App

Privacy Policy

The Medix Group ("Medix", "us", "we", or "our") recognize and respect the importance of maintaining the privacy of our customers. This Privacy Notice describes the types of information we collect from you when you use our medical management platform available through our mobile application ("App") and the services available thereon ("Services"). This Privacy Notice also explains how we process, transfer, store and disclose the information collected, as well as your ability to control certain uses of the collected information. If not otherwise defined herein, capitalized terms have the meaning given to them in the Terms of Service, available at [https://medix-global.com/privacy-policy/] ("Terms"). "You" means an individual using the Services.

 

If you are an individual located in the European Union ("EU Individual"), some additional terms and rights may apply to you, as detailed herein. Medix Medical Services Europe Limited is the data controller in respect of the processing activities outlined in this Privacy Notice. Our registered office is 118 Piccadilly, London, W1J 7NW.

 

"Personal Data" means any information that refers, is related to, or is associated with an identified or identifiable individual or as otherwise may be defined by applicable law. This Privacy Notice details which Personal Data is collected by us in connection with provision of the App and Services.

 

Privacy Notice Key Points. The key points listed below are presented in further detail throughout this issue Notice. You can click on the topics in order to find out more information about any topic.

 

Personal Data We Collect, Uses and Legal Basis

Additional Uses

Sharing the Personal Data We Collect

International Transfer

Security

Your Rights - How to Access and Limit Our Use of Certain Personal Data

Data Retention

Cookies and Similar Technologies

Third-Party Applications and Services

Communications

Children

Changes to the Privacy Notice

Comments and Questions

 

*** 

1.Personal Data We Collect, Uses and Legal Basis. Depending on your usage, we collect different types of data and we and any of our third-party subcontractors and service providers use the data we collect for different purposes, as specified below. It is your voluntary decision whether to provide us with certain Personal Data, but if you refuse to provide such Personal Data we may not be able to register you to the App and/or provide you with the Services or part thereof.

 

Registration Data – In order to use our App and/or receive related Services, you will be required to register and provide us with the following Personal Data: your name, email address, and phone number. You may elect to enable the Face ID or Fingerprint authentication for security purposes, however, please note that any Personal Data collected in connection with your use of such features will be stored on your device and we do not store such Personal Data.

How we use this data: (1) to provide you with the App and/or Services and to respond to your inquiries and requests and to contact and communicate with you; (2) to prevent fraud, detect threats, protect the security of and address any problems with the App; and (3) if you have requested that we do so, to provide you with informational newsletters and promotional materials relating to our App and Services, including via email. For more information about our direct marketing activities and how you can control your preferences, please see the Direct Marketing section below.

Legal Basis: (1) We process this Personal Data for the purpose of providing the Services to you which is considered performance of a contract with you including responding to your inquiries and requests and providing customer support. (2) When we process your Personal Data for the purposes of preventing fraud, detecting threats, and protecting the security of and/or addressing problems with the Site and Services, such processing is based on our legitimate interests. (3) When we process your Personal Data for the purpose of providing you with informational newsletters and promotional materials relating to our Services, we do so based on your consent.
 

Personalization Data – You may choose to provide additional Personal Information in the course of use of the App in order to personalize your experience. Such additional information may include your age, gender, and/or birthday. You are not required to provide this information but doing so may allow us to provide you with an enhanced experience using the App.

How we use this data: To provide you with certain features within the App and/or Services.

Legal Basis: We process this Personal Data for the purpose of providing the Services to you which is considered performance of a contract with you.
 

Insurance Policy Eligibility Check – In order for Medix to provide information on insurance coverage eligibility, you will be requested to provide the following data: national ID number, date of birth, main medical condition, and the date of your diagnosis.

How we use this data: We use this Personal Data to check your eligibility for use of our App in connection with your insurance provider.

Legal Basis: We process this Personal Data for the purpose of performance of a contract with you.
 

Payment Data – When paying for Services, which will be managed by way of a third-party service provider, we receive confirmation of such payment.

How we use this data: To confirm the payment for your purchase and for the purposes of fraud prevention.

Legal Basis: We process this Personal Data for the purpose of performance of a contract with you when processing payments. Processing for the purposes of fraud prevention is based on our legitimate interest. 
 

Automatically Collected Data – When you access the App, we automatically collect information about your mobile device, including non-Personal Data such as your operating system, and Personal Data such as your device ID, as well as your browsing history and any information regarding your viewing, use, and payment history on our App.

How we use this data: (1) to review and monitor usage and operations, including in an aggregated non-specific analytical manner, develop new products or services and improve current content, products, and Services; (2) to prevent fraud, detect threats, and protect the security of our App and Services, and address any problems with the App and/or Services.

Legal Basis: We process this Personal Data for our legitimate interests to develop and improve our products and Services, review usage, perform analytics, prevent fraud, assess threats, for our recordkeeping and protection of our legal rights.
 

Materials You Upload – Any materials, including images, pictures, photos, documents, reports, contact details, and answers to health assessment questions, you may upload or provide through the App, including via chat, will be collected by us.

How we use this data: To provide you with the Services, for research and to evaluate and improve our Services.

Legal Basis: When we process this Personal Data to provide you with the Services, we do so for the purpose of performance of a contract with you. When we process data for research and to evaluate and improve our Services, we do so based on our legitimate interest.
 

Special Categories of Data – In the course of providing our Services to you, we also collect data concerning your health and medical condition, which is subject to special protections under the law. We will only collect such data if you provide your consent.

How we use this data: To provide you with the Services.

Legal Basis: We process this Personal Data based on your consent. You may withdraw your consent by contacting us at info@medix-global.com. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt out is effective.
 

Geo-location – When you enable use of the location settings in your mobile device in the course of using our App, we collect your geo-location.

How we use this data: We use this information in order to provide you with the location-based Services through the App.

Legal Basis: We process this Personal Data based on your consent. You may withdraw your consent at any point, including by emailing us at info@medix-global.com.

 

2. Additional Uses.

Statistical Information and Analytics. We and/or our service providers use analytics tools to collect and analyze information about the use of the App and/or Services, such as how often users visit the App, what pages they visit when they do so, and what other sites and mobile applications they used prior to visiting the App. By analyzing the information we receive, we may compile statistical information across a variety of platforms and users, which helps us improve our App and Services, understand trends and customer needs and consider new products and services, and tailor existing products and services to customer desires. The information we collect is anonymous and aggregated and we will not link it to any Personal Data. We may share such anonymous information with our partners, without restriction, on commercial terms that we can determine in our sole discretion.
 

Direct Marketing. As described above, we may use Personal Data to let you know about our products and Services that we believe will be of interest to you. We may contact you by email. In all cases, we will respect your preferences for how you would like us to manage marketing activity with respect to you. To protect privacy rights and to ensure you have control over how we manage marketing with you:

We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.

At any time you can update or correct your personal profile within your account, or change your preferences for the way in which you would like us to communicate with you, including how you receive newsletters from us.

You can ask us to stop sending email marketing by following the "unsubscribe" link you will find on all the email marketing messages we send you. Alternatively, you can contact us at info@medix-global.com.

 

3. Sharing the Personal Data We Collect. We share your information, including Personal Data, as follows:
 

Affiliates. Where the relevant Medix entity as identified in the Terms is not Medix Medical Services Europe Limited, your information, including your Personal Data, will be shared with Medix Medical Services Europe Limited, as necessary to provide you with our products and Services, and for the purpose of management of our business.

 

Service Providers, and Subcontractors. We disclose information, including Personal Data we collect from and/or about you, to our trusted service providers and subcontractors, who have agreed to confidentiality restrictions and who use such information solely on our behalf in order to: (1) help us provide you with certain features of the App and/or Services and (2) aid in their understanding of how users are using our App and/or Services.

Such service providers and subcontractors provide us with IT and system administration services, data backup, security, and storage services, data analysis
 

Your Sharing Activities. Through the App, you may choose to share certain materials, including medical information and documents, with third parties, such as healthcare professionals, family members, or friends. We will share this information as you direct. Unless you indicate otherwise, all information and materials will be sent along with a status summary relating to the materials being sent.

 

Business Transfers. Your Personal Data may be disclosed as part of, or during negotiations of, any merger, sale of company assets or acquisition (including in cases of liquidation). In such case, your Personal Data shall continue being subject to the provisions of this Privacy Notice.

 

Law Enforcement Related Disclosure. We may share your Personal Data with third parties: (i) if we believe in good faith that disclosure is appropriate to protect our or a third party's rights, property or safety (including the enforcement of the Terms and this Privacy Notice); (ii) when required by law, regulation subpoena, court order or other law enforcement related issues, agencies and/or authorities; or (iii) as is necessary to comply with any legal and/or regulatory obligation.
 

Legal Uses. We may use your Personal Data as required or permitted by any applicable law, for example, to comply with audit and other legal requirements.

 

4. International Transfer.

We use subcontractors and service providers and have affiliates who are located in countries other than your own and send them information we receive (including Personal Data). We conduct such international transfers for the purposes described above. We will ensure that these third parties will be subject to written agreements ensuring the same level of privacy and data protection as set forth in this Privacy Notice, including appropriate remedies in the event of the violation of your data protection rights in such third country.

 

Whenever we transfer your Personal Data to third parties based outside of the European Economic Area ("EEA") and when required under applicable law, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

 

We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.

Where we use certain service providers not located in countries with an adequate level of protection as determined by the European Commission, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in the EEA.

 

Please contact us at info@medix-global.com if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.

 

5. Security. We have implemented and maintain appropriate technical and organization security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to Personal Data appropriate to the nature of such data. The measures we take include:

 

Safeguards – The physical, electronic, and procedural safeguards we employ to protect your Personal Data include secure servers, firewalls, antivirus, and SSL encryption of data.

 

Access Control – We dedicate efforts for a proper management of system entries and limit access only to authorized personnel on a need to know basis of least privilege rules, review permissions periodically, verify user access, and revoke access immediately after employee termination. 

End to End Authentication. The App utilizes end-to-end authentication from users to the database in order to mitigate potential attacks.
 

Internal Policies – We maintain and regularly review and update our privacy related and information security policies.
 

Personnel – We require new employees to sign non-disclosure agreements according to applicable law and industry customary practice.
 

Encryption – We encrypt the data in transit using secure TLSv1.2 protocols.
 

Standards and Certifications – We have been certified as compliant with ISO 27001 (Information Security Management).
 

Database Backup – Our databases are backed up on a periodic basis for certain data and are verified regularly, generally at least once per month. Backups are encrypted, using a Medix-managed encryption key, which is replaced periodically, are tested regularly to ensure availability, and are accessible only by authorized personnel.
 

However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
 

As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords, please take appropriate measures to protect this information.
 

6. Your Rights - How to Access and Limit Our Use of Certain Personal Data. Subject to applicable law and certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to the Personal Data that we hold about you, as detailed below. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by applicable data protection laws. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information and/or comply with any of your requests, as detailed below:
 

Right of Access. You have a right to know what Personal Data we collect about you and, in some cases, to have such Personal Data communicated to you. Subject to applicable law, we may charge you with a fee. Please note that we may not be able to provide you with all the information you request, and, in such case, we will endeavor to explain to you why.
 

Right to Data Portability. If the processing is based on your consent or performance of a contract with you and processing is being carried out by automated means, you may be entitled to (request that we) provide you or another party with a copy of the Personal Data you provided to us in a structured, commonly-used, and machine-readable format.

 

Right to Correct Personal Data. Subject to the limitations in applicable law, you may request that we update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data.

 

Deletion of Personal Data ("Right to Be Forgotten"). If you are an EU Individual, you have a right to request that we delete your Personal Data if either: (i) it is no longer needed for the purpose for which it was collected, (ii) our processing was based on your consent and you have withdrawn your consent, (iii) you have successfully exercised your Right to Object (see below), (iv) processing was unlawful, or (iv) we are required to erase it for compliance with a legal obligation. We cannot restore information once it has been deleted. Please note that to ensure that we do not collect any further Personal Data, you should also delete our App from your mobile devices and terminate your account with us. We may retain certain Personal Data (including following your request to delete) for audit and record-keeping purposes, or as otherwise permitted and/or required under applicable law.

 

Right to Restrict Processing. If you are an EU Individual, you can ask us to limit the processing of your Personal Data if either: (i) you have contested its accuracy and wish us to limit processing until this is verified; (ii) the processing is unlawful, but you do not wish us to erase the Personal Data; (iii) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend of a legal claim; (iv) you have exercised your Right to Object (below) and we are in the process of verifying our legitimate grounds for processing. We may continue to use your Personal Data after a restriction request under certain circumstances.

 

Direct Marketing Opt Out. You can change your mind at any time about your election to receive marketing communications from us and/or having your Personal Data processed for direct marketing purposes. If you do, please notify us by contacting us at info@medix-global.com. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt out is effective.
 

Right to Object. If you are an EU Individual, you can object to any processing of your Personal Data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
 

Withdrawal of Consent. You may withdraw your consent in connection with any processing of your Personal Data based on a previously granted consent. This will not affect the lawfulness of any processing prior to such withdrawal.
 

Right to Lodge a Complaint with Your Local Supervisory Authority. If you are an EU Individual, you may have the right to submit a complaint to the relevant supervisory data protection authority if you have any concerns about how we are processing your Personal Data, though we ask that as a courtesy you please attempt to resolve any issues with us first.

 

7. Data Retention.
 

Subject to applicable law, we retain Personal Data as necessary for the purposes set forth above. We may delete information from our systems without notice to you once we deem it is no longer necessary for these purposes. Retention by any of our processors may vary in accordance with the processor's retention policy.
 

We review our retention policies annually in an effort to comply with applicable regulation.
 

In some circumstances, we may store your Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, audit, accounting requirements and so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, and whether those purposes can be achieved through other means, as well as applicable legal requirements. Generally speaking, medical and Personal Data is saved for a period of seven (7) years, though this retention period may depend on the relevant jurisdiction.
 

Please contact us at info@medix-global.com if you would like details regarding the retention periods for different types of your Personal Data.
 

8. Cookies and Similar Technologies. We use cookies and similar technologies, such as pixels, for a number of reasons, including to help personalize your experience
 

What are Cookies? A cookie is a small piece of text that is sent to a user's browser or device. The browser provides this piece of text to the device of the originating user when this user returns.

A "session cookie" is temporary and will remain on your device until you leave the App.

A "persistent" cookie may be used to help save your settings and customizations across visits. It will remain on your device until you delete it.

First-party cookies are placed by us, while third-party cookies may be placed by a third party. We use both first- and third-party cookies.

We may use the terms "cookies" to refer to all technologies that we may use to store data in your browser or device or that collect information or help us identify you in the manner described above, such as web beacons or "pixel tags".
 

How We Use Cookies. We use cookies and similar technologies for a number of reasons, as specified below.

The specific names and types of the cookies, pixels, web beacons, and other similar technologies we use may change from time to time. However, the cookies we use generally fall into one of the following categories:

Type of CookieWhy We Use These Cookies
FunctionalityThese cookies remember your settings and preferences and the choices you make (such as language or regional preferences) in order to help us personalize your experience and offer you enhanced functionality and content.
SecurityThese cookies can help us identify and prevent security risks. They may be used to store your session information to prevent others from changing your password without your login information.
PerformanceThese cookies can help us collect information to help us understand how you use our App, for example whether you have viewed messages or specific pages and how long you spent on each page. This helps us improve the performance of our App.
AnalyticsThese cookies collect information regarding your activity on our App to help us learn more about which features are popular with our users and how our App can be improved. 

 3. Third Party Cookies:

Mixpanel

Bugsnag

Grafana

4. How to Adjust Your Preferences. Most Web browsers are initially configured to accept cookies, but you can change this setting so your browser either refuses all cookies or informs you when a cookie is being sent. In addition, you are free to delete any existing cookies at any time. Please note that some features of the Services may not function properly when cookies are disabled or removed. For example, if you delete cookies that store your account information or preferences, you will be required to input these each time you visit.

 

9. Third-Party Applications and Services. All use of third-party applications or services is at your own risk and subject to such third party's terms and privacy policies.
 

10. Communications. We reserve the right to send you service-related communications, including service announcements and administrative messages, without offering you the opportunity to opt out of receiving them. Should you not wish to receive such communications, you may cancel your account.

11.Children. We do not knowingly collect Personal Data from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has enrolled without parental permission, please advise us immediately.

 

12. Changes to the Privacy Notice. We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business, and we will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version. If we make material changes to this Privacy Notice, we will seek to inform you by notice on our Site or per email.

 

13. Comments and Questions. If you have any comments or questions about this Privacy Notice or if you wish to exercise any of your legal rights as set out herein, please contact us at info@medix-global.com or contact our Data Compliance Manager at via email to yairm@medix-global.com.

 

14. If you are an individual located in Australia the above applies to you subject to the following:

  • Medix collects Personal Data directly from You and also collects Personal Data from medical service providers and other providers of medical and non-medical services, with Your prior consent.

     Medix holds Personal Data {how – eg electronically in secure cloud…..}
  • Disclosure regarding the Your Personal Data, including Health Information may include:
    • Where disclosure is expressly consented, requested or permitted by the You; or
    • Where disclosure is required by law or Regulations or by any court or any relevant regulatory body.
  • Clause 1.3 is not applicable if you are in Australia. 
  • The Data referred to in paragraph 1.7 above is referred to as Health Information and Sensitive Information under the Privacy Act.
  • Clause 4.2 is replaced with:
    Medix may disclose Your Personal Data to overseas recipients if required to provide the Services and the disclosed Uses. Those potential recipients are:
    • Medix’s related entity offices in Hong Kong, Singapore and United Kingdom:
      • To doctors and other members of the Medix Group team providing the Medix Services (provided that such disclosure is only for the purpose of enabling them to provide the Medix Services and the recipients are bound by an obligation of confidentiality);
      • To specialist doctors, who may be situated in any part of the  world, to assist in providing the Medix Services, provided that such disclosure is only for the purpose of enabling them to provide the Medix Services;
      • To third party health care providers if Medix wishes to retrieve medical information from them which is necessary for the provision of the Medix Services:
    • To the insurance company with whom You (or Your family member) has the policy of insurance in connection with which the Medix Services are provided if the You make a complaint about Medix or the Medix Services, and only for the purpose of the insurance company responding to or investigating such complaint and its resolution.  Deidentified information may also be provided by Medix to the insurance company for quality control purposes and general data reporting;

Each of these potential overseas recipients is contractually required to not breach Australian Privacy Principles (other than Australian Privacy Principle 1) in relation to the information.  Medix is familiar with their privacy policies. 

  • In relation to clause 6.1 you will not be charged a fee to access your Personal Data if You are an Australian Individual.
  • Clauses 6.4, 6.5 and 6.7 do not apply.
  • As to clause 6.9 Your Local Supervisory Authority is the Office of the Australian Information Commissioner, GPO BOX 5218, Sydney NSW 2001 , enquires@oaic.gov.au
  • As to clause 7.3, please note that in Australia Personal Data shall be destroyed after a period of 10 years from the day on which Medix stops providing the Medix Services to that Eligible Person, or such longer period as reasonably required.

Last updated: May 2023