MDClone Privacy Policy
Effective as of September 2022
We at MDClone Limited (together with its affiliated companies – “MDClone”, “we”, “our” or “us”) have developed a healthcare management platform with an innovative synthetic data analytics platform (the “Platform”) enabling healthcare providers, clinics, hospitals and other entities collecting patient healthcare data (the “Customer”) to use technological power to manage, analyze, collaborate and research on patient data. This Privacy Policy is with regard to MDClone’s cloud Platform (as opposed to MDClone’s on-prem Platform).
This Privacy Policy describes our practices regarding the collection, storage, usage, and disclosure of data that relates to identified or identifiable individuals (“personal data” and “data subjects”, respectively), who:
(I) visit or otherwise interact (“Visitors”) with our websites available at www.MDClone.com, or any other webpage, e-mail, text message or online ads under our control (collectively – “Sites”);
(II) interact with us with respect to our services via various sales and marketing channels such as events, webinars, or other business activities (“Prospects”);
(III) act as our Customers’ internal focal persons who directly engage with MDClone concerning their organizational account on behalf of such Customers, e.g., the account administrators and users, billing contacts and authorized signatories on behalf of the Customer and users of the Platform on behalf of such Customers (collectively, “Users”).
The activities described above collectively shall be defined as the “Services.”
This Privacy Policy – which describes MDClone’s independent privacy and data processing practices as a “data controller” – does NOT cover our practices regarding the processing of personal data of Users which we perform solely on behalf of and under the instructions of our Customers (“Customer Data”) as a “data processor”. If you have any questions or requests regarding Customer Data, please contact the relevant Customer directly.
We respect your privacy and are strongly committed to making our practices regarding your personal data transparent and fair.
If you are a User, Visitor or Prospect please read this Privacy Policy carefully and make sure that you fully understand and agree to it.
Our Services are designed for businesses and are not intended for personal or household use. Accordingly, we treat all personal data covered by this Privacy Policy, including information about any Visitors to our Sites, as pertaining to individuals acting as business representatives, rather than in their personal capacity.
You are not legally required to provide us with any personal data, but without it, we may not be able to provide you with the full range of our Services or with the best user experience when interacting with any of our Services.
1. Data Collection
We collect various types of personal data regarding our Visitors, Prospects and Users (“Visitors, Prospects & Users Data”). Such data is typically collected or generated through your interaction with us or our Services, directly from you or through third parties (including via Service Providers, as defined in Section 4 below, and Customers).
Specifically, we may process the following categories of your personal data:
Data received from you: When you are using our Services, you may provide us with personal data relating to you. This typically includes your name, workplace, position, business address, and contact information (such as professional e-mail and phone number).
Data automatically collected or generated: When you visit or interact with our Services, we may collect, record, or generate certain technical data about you. We do so either independently or with the help of third-party Service Providers (defined in Section 4 below), including through the use of “cookies” and other data collection technologies (in the manner further detailed in Section 5 below).
Such data usually consists of connectivity, technical and aggregated usage data, such as IP addresses and general locations, device and application data (such as type, operating system, mobile device ID, browser version, locale, and language settings used), date and time stamps of usage, the cookies and pixels installed or utilized on such device and your recorded activity (sessions, clicks, and other interactions) in connection with our Services. In addition, phone calls (e.g., with our sales representatives, customer success, etc.) may be automatically recorded, tracked, and analyzed, for purposes such as analytics, service, business quality control and improvements, and record-keeping purposes.
Data received from other third parties: We may receive personal data concerning you from other sources. For example, if you participate in an event, webinar, or promotion that we sponsor or participate in, we may receive your personal data from its organizers. We may also receive your contact and professional details (e.g., your name, company, position, contact details, and professional experience, preferences, and interests) from our Customers or Service Providers, and through the use of tools and channels such as LinkedIn and other similar platforms.
Data obtained through analytics tools: We use analytics tools (e.g., Google Analytics) to collect data about the use of our Services. Analytics tools collect data such as how often Visitors and Prospects visit the Sites, which pages they visit and when, and which website, ad, or e-mail message brought them there.
2. Data Uses
We use your personal data as necessary for the following purposes and in reliance on the lawful basis as further detailed below; each item states the purpose of the processing, followed by the lawful basis relied upon:
For processing purposed to facilitate, operate and provide our Services, we rely upon the following lawful basis: Performance of a Contract (to the extent applicable), Legitimate Interest
For processing purposed to monitor, study and analyze the use of the Services, we rely upon the following lawful basis for processing: Performance of a Contract (to the extent applicable), Legitimate Interest
For processing purposed to gain a better understanding of how individuals use and interact with our Services, and how we could improve their and others’ user experience and continue improving our offerings and the overall performance of our Services, we rely upon the following lawful basis for processing: Legitimate Interest
For processing purposed to provide customer service and technical support, we rely upon the following lawful basis for processing: Performance of a Contract, Legitimate Interest
For processing purposed to support and enhance our data security measures, including for purposes of preventing and mitigating the risks of fraud, error, or any illegal or prohibited activity, we rely upon the following lawful basis for processing: Performance of a Contract, Compliance with legal obligations, Legitimate Interest
For processing purposed to comply with court orders and warrants, and prevent misuse of the Services, and take any action in any related legal dispute and proceeding, we rely upon the following lawful basis for processing: Compliance with legal obligations, Performance of a Contract, Legitimate Interest
For processing purposed to comply with applicable laws and regulations, we rely upon the following lawful basis for processing: Compliance with legal obligations
For processing purposed to contact you with general or personalized service-related messages, as well as promotional messages that may be of specific interest to you, we rely upon the following lawful basis for processing: Performance of a Contract, Consent (to the extent applicable), Legitimate Interest
For processing purposed to facilitate and optimize our marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our products and Services more effectively, including on other websites and applications, we rely upon the following lawful basis for processing: Consent (to the extent applicable), Legitimate Interest
For processing purposed to explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences, we rely upon the following lawful basis for processing: Legitimate Interest
For processing purposed to facilitate, sponsor and offer certain events and promotions, we rely upon the following lawful basis for processing: Consent (to the extent applicable), Legitimate Interest
For processing purposed to create aggregated data, inferred non-personal data or anonymized or pseudonymized data (de-identified data), which we or our business partners may use to provide and improve our respective Services, conduct research, or for any other purpose, we rely upon the following lawful basis for processing: Performance of a Contract, Compliance with legal obligations, Legitimate Interest
If you reside or are using the Services in a territory governed by privacy laws under which “Consent” is the only or most appropriate legal basis for the processing of personal data as described herein (in general, or specifically with respect to the types of personal data you expect or elect to process or have processed by us or via the Services, or due to nature of such processing), your acceptance of this Privacy Policy will be deemed as your consent to the processing of your personal data for all purposes detailed in this Privacy Policy, unless applicable law requires a different form of consent. If you wish to revoke such consent, please contact us at [email protected].
3. Data Location and Retention
Data Location: Your personal data is maintained, processed and stored by us and our authorized Service Providers (defined below) in the US and Israel. We may also process your personal data in other locations as reasonably necessary for the proper performance and delivery of our Services, for our internal business purposes in the location we operate in, or as may be required by law.
While privacy laws may vary between jurisdictions, MDClone is committed to protecting personal data in accordance with this Privacy Policy and customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.
MDClone Ltd. is headquartered in Israel, a jurisdiction which is considered by the European Commission, the Swiss Federal Data Protection and Information Commissioner (FDPIC), and the UK Secretary of State to be offering an adequate level of protection for personal data coming from the EEA, Switzerland and the UK, respectively. We transfer personal data from the EEA, Switzerland and the UK to Israel on this basis. For data transfers from the EEA, Switzerland or the UK to countries which are not considered to be offering an adequate level of data protection, we and the relevant data exporters and importers have entered into Standard Contractual Clauses as approved by the European Commission, FDPIC and UK Information Commissioner’s Office (ICO). You can obtain a copy by contacting us as indicated in Section 10 below.
Data Retention: We will retain your personal data for as long as it is reasonably necessary in order to establish, maintain and expand our relationship and provide you with our Services and offerings; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (i.e., as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), all in accordance with our data retention policy and applicable laws.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal requirements.
Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain your personal data for any particular period, and we are free to securely delete, anonymize or restrict access to it for any reason and at any time, with or without notice to you.
If you have any questions about our data retention policy, please contact us by e-mail at [email protected].
4. Data Disclosure
Service Providers: We may engage selected third-party companies and individuals to perform services on our behalf or complementary to our own. Such service providers include hosting and server co-location services, communications, and content delivery networks (CDNs), data and cyber security services, billing and payment processing services, fraud detection and prevention services, web analytics, e-mail distribution, marketing and monitoring services, session or activity recording services, remote access services, performance measurement, data optimization and enrichment services, social and advertising networks, content providers, e-mail, voice-mails, support and customer relation management systems, and our legal, compliance and financial advisors (collectively, “Service Providers”). These Service Providers may have access to your personal data, depending on each of their specific roles and purposes in facilitating and enhancing our Service, and may only use it for such limited purposes as determined in our agreements with them.
Partnerships: We may engage selected business and channel partners, resellers, distributors and providers of professional services related to our Services, which allow us to explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences for our Customers, Users, Visitors, and Prospects. In such instances, we may share relevant contact, business and usage details with the respective partner, to allow them to engage with those entities and individuals for such purposes. If you directly engage with any of our partners, please note that any aspect of that engagement which is not directly related to the Services and directed by MDClone is beyond the scope of MDClone’s Terms of Service and Privacy Policy, and may therefore be covered by the partner’s own terms and policies.
Should you decide to engage any of our service providers or partners, resellers, distributors and other providers on your own, please note that such engagement is beyond the scope of MDClone’s agreement and this Privacy Policy and will therefore be covered by those Service Providers’ terms and privacy policies.
Sharing your Feedback or Recommendations: If you submit a public review or feedback, note that we may (at our discretion) store and present your review on our Services. If you wish to remove your public review, please contact us at [email protected].
Business Customers: Our customers have access to any personal data we process on their behalf in our capacity as a “processor” or a “service provider”, as well as to personal data relating to their users, as it relates to their use of our Services.
Legal Compliance: In exceptional circumstances, we may disclose or allow government and law enforcement officials access to your personal data, in response to a subpoena, search warrant, or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that: (i) we are legally compelled to do so; (ii) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (iii) such disclosure is required to protect the security or integrity of our Customers and Users, Visitors, Prospects, ourselves or our Services.
Protecting Rights and Safety: We may share your personal data with others if we believe in good faith that this will help protect the rights, property or personal safety of MDClone, our Customers, Visitors, Prospects and Users, or any members of the general public.
MDClone Subsidiaries and Affiliated Companies: We may share personal data internally within our group, for the purposes described in this Privacy Policy. In addition, should MDClone or any of its subsidiaries or affiliates undergo any change in control or ownership, including by means of merger, acquisition or purchase of any of its assets, your personal data may be shared with the parties involved in such an event. If we believe that such change in control might materially affect your personal data then stored with us, we will notify you of this event and the choices you may have via e-mail or prominent notice on our Services.
For the avoidance of doubt, MDClone may share your personal data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal and anonymous. We may transfer, share or otherwise use non-personal data at our sole discretion and without the need for further approval.
5. Cookies and Data Collection Technologies
Our Services (including some of our Service Providers) utilize “cookies”, anonymous identifiers, pixels, container tags, or other technologies in order for us to provide our Services and ensure that they perform properly, to analyze our performance and marketing activities, for personalization purposes, and for product development and improvements.
Cookies are packets of information sent to your web browser and then sent back by the browser each time it accesses the server that sent the cookie. Such cookies and similar files or tags may also be temporarily placed on your device. Certain cookies and other technologies serve to recall personal data, such as an IP address, of a Visitor, Prospect or User. To learn more about our practices concerning cookies and tracking, please see our Cookie Policy.
We also use the web analytics tool Google Analytics. This tool helps us understand users’ behavior on our Services, including by tracking page content, and click/touch, movements, scrolls and keystroke activities. Further information about the privacy practices of our analytics service provider is available at: www.google.com/policies/privacy/partners. Further information about your option to opt-out of this analytics service is available at: https://tools.google.com/dlpage/gaoptout.
6. Communications
Service Communications: We may contact you with important information regarding our Services. For example, we may send you notifications (through any of the means available to us) of changes or updates to our Services, billing issues, service changes, etc. Please note that you will not be able to opt-out of receiving certain service communications which are integral to your use (like billing notices).
Promotional Communications: We may also notify you about new features, additional offerings, events, and special opportunities, or any other information we think you will find valuable. We may provide such notices through any of the contact-means available to us (e.g., phone, mobile, or e-mail), through the Services, or through our marketing campaigns on any other sites or platforms.
If you do not wish to receive such promotional communications, you may notify MDClone at any time by sending an e-mail to [email protected], or by following the “unsubscribe”, “stop”, “opt-out” or “change e-mail preferences” instructions contained in the promotional communications you receive.
7. Data Security
In order to protect your personal data held with us, we are using industry-standard physical, procedural and technical security measures, including encryption as appropriate. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any personal data stored with us or with any third parties as described in Section 4 above from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
8. Data Subject Rights
Individuals have rights concerning their personal data. Please contact us by e-mail at: [email protected] if you wish to exercise your privacy rights under any applicable law, including the EU or UK General Data Protection Regulation (GDPR), or the California Consumer Privacy Act (CCPA), such as – to the extent applicable – the right to know/request access to (specific pieces of personal data collected; categories of personal data collected; categories of sources from whom the personal data was collected; purpose of collecting personal data; categories of third parties with whom we have shared personal data), to request rectification or erasure of your personal data held with MDClone, or to restrict or object to such personal data’s processing (including the right to direct us not to sell your personal data to third parties now or in the future), or to port such personal data, or the right to equal services and prices (e.g. freedom from discrimination) (each to the extent available to you under the laws which apply to you). Under some regulatory frameworks, such as the GDPR, you may also have the right to lodge a complaint with the relevant supervisory authority, as applicable.
Please note that when you ask us to exercise any of your rights under this policy or applicable law, we may need to ask you to provide us with certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of personal data related to others and to ask you to provide further information to better understand the nature and scope of data regarding which you request to exercise your rights. Such additional data may be then retained by us for legal, compliance and auditing purposes (e.g., as proof of the identity of the person submitting the request or proof of request fulfillment), in accordance with Section 3 above.
We may redact from the data which we will make available to you, any personal data related to others.
9. Data Controller/Processor
Certain data protection laws and regulations, such as the GDPR, UK GDPR and the CCPA, typically distinguish between two main roles for parties processing personal data: the “data controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, “service provider”), who processes the data on behalf of the data controller. Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.
MDClone is the “data controller” relating to its Visitors, Prospects, and Users’ Data. With respect to such data, we assume the responsibilities of data controller (solely to the extent applicable under the law), as set forth in this Privacy Policy. In such instances, our Service Providers processing such data will assume the role of “data processor”.
MDClone is a “data processor” of Customer Data, which MDClone processes on behalf and in accordance with the respective Customers’ instructions who are in turn the “data controllers”. In such instances, our Service Providers who process such Customer Data on our behalf are the “sub-processors” of such data. For any questions related to the processing of Customer Data, you should contact that relevant Customer directly.
Our Customers are solely responsible for determining whether and how they wish to use our Services, and for ensuring that all individuals using the Services on their behalf, as well as all individuals whose personal data may be included in Customer Data processed through the Services, have been provided with adequate notice and given informed consent to the processing of their personal data, where such consent is necessary or advised, and that all legal requirements applicable to the collection, recording, use or other processing of data through our Services are fully met by the Customer, including specifically in the context of patient data. Our Customers are also responsible for handling data subject rights requests under applicable law, by their users, patients and other individuals whose data they process through the Services.
10. Additional Notices
Updates and Amendments: We may update and amend this Privacy Policy from time to time by posting an amended version on our Service. The amended version will be effective as of the date it is published. When we make material changes to this Privacy Policy which in our discretion may affect your personal data, we will provide you with prior notice via any of the communication means available to us or via the Services. Your continued use of the Service after the changes have been implemented will constitute your acceptance of the changes.
External Links: While our Services may contain links to other websites or services, we are not responsible for their privacy practices. We encourage you to pay attention when you leave our Services for the website or application of such third parties, and to read the privacy policies of each and every website and service you visit. This Privacy Policy only applies to our Services.
Children: Our Services are not designed to attract children. We do not knowingly collect personal data from children and do not wish to do so. If we learn that a person who is considered a minor according to applicable law is using the Services, we will attempt to prohibit and block such use and will make our best efforts to promptly delete any personal data stored with us with regard to such minor. If you believe that we might have any such data, please contact us by e-mail at [email protected].
California Requirements: This policy describes the categories of personal information we may collect and the sources of such information (in Section 1 above), and our retention (Section 3) and deletion rights (Section 8) practices. We also included information about how we may process your information (in Sections 2 through 6), which includes for “business purposes” under the California Consumer Privacy Act (CCPA). We do not sell your personal information for the intents and purposes of CCPA/CPRA. We may disclose personal data to third parties or allow them to collect personal data from our Services as described in Section 4 above, if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such personal data, or if you integrate the services of third parties with our Services, or direct us to disclose your personal data to third parties, or as otherwise described in Section 4 above.
If you have any questions or would like to exercise your rights under the CCPA, you can contact [email protected] or via mail as follows: [X]
Data Protection Officer: MDClone has appointed Luz Erez as our Data Protection Officer (DPO), for monitoring and advising on MDClone’s ongoing privacy compliance and serving as a point of contact on privacy matters for data subjects and supervisory authorities. If you have any comments or questions regarding our Privacy Policy, if you have any concerns regarding your Privacy, or if you wish to make a complaint about how your personal data is being processed by MDClone, you can contact our DPO at [email protected].
EU and UK Representative: [X] has been designated as MDClone’s representative in the European Union and the United Kingdom for data protection matters pursuant to Article 27 of the EU GDPR and the UK GDPR. Inquiries regarding our EU & UK privacy practices may be sent by e-mail to [email] or via mail as follows _____________.
Questions, concerns or complaints: If you have any comments or questions regarding this Privacy Policy, or if you have any concerns regarding your personal data held with us, please contact MDClone’s support at [email protected], or our Data Protection Officer at [email protected].
If you are a GDPR/UK GDPR-protected individual, you also have the right to lodge a complaint with the relevant supervisory authority in the EU or in the UK as applicable to you.