Collection, use, disclosure and retention of personal information
Meddiff collects personal information that customers and others provide to us, when using our services, requesting technical support, joining our mailing list etc.
This information may include:
- contact information, such as name, email address, mailing address or phone numbers
- preference information, such as notifications or communication preferences.
This information is only used for the purposes for which it is collected, including:
- providing services
- responding to inquiries
- providing troubleshooting, technical and product support; and
- sending information about products and services (e.g., by email, phone).
Meddiff provides products and services that allow healthcare providers to more effectively manage, access, share and archive medical images and data. Depending on the product or service provided, we may obtain and process personal information about the patients of a healthcare provider on behalf of that provider. We will use this information for the purposes of serving our customers only and will retain such information as long as necessary to meet those purposes.
Our customers are required to ensure that they have consent or other lawful authority to transfer personal information to Meddiff for processing. Any such information provided is solely for the purpose of providing troubleshooting, diagnostic, or other support services on the software products provided by Meddiff.
Any other information collected, such as originating domain, time of visit, connection speed, and pages accessed is maintained in aggregate form. As is true of most websites, we gather certain information automatically. This information may include browser type, Internet protocol (IP) addresses, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, and/or clickstream data to analyze trends in the aggregate and administer the site. Meddiff makes no attempt to correlate such information to an individual user. This information is not individually identifiable and will only be used to improve the performance and responsiveness of our website.
Meddiff will not share your personal information with third parties except
- with your consent
- where necessary to fulfill a purpose for which the personal information was collected (e.g., we may provide your personal information to a service provider in order to process a payment or to send you marketing emails you have requested);
- to respond to a warrant or court order
- to comply with court rules regarding the production of records and information
- in urgent circumstances to protect the life, health or security of any person;
- where otherwise required by law.
When Meddiff shares your information with third parties who provide services on our behalf to help with our business activities, these companies are authorized to use your personal information only as necessary to provide these services to us.
Potential 3rd party partners include:
- Cloud hosting/API service provider
Meddiff may retain your personal information as long as is necessary to fulfill the purpose of its collection, and for as long as your account is active, to comply with our legal obligations, to resolve disputes and to enforce our agreements.
Storage outside of your country
Personal information collected by Meddiff may be transferred and stored outside of the country in which you reside. As such, Meddiff may be legally required to provide personal information to government institutions, law enforcement agencies or courts in those countries in order to respond to a warrant, or other lawful order.
In certain situations, Meddiff may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security enforcement requirements.
Meddiff will take reasonable and appropriate steps to ensure that personal information is processed in a manner consistent with obligations under the Principles. All data received will be protected according to the Policy.
- Encrypting data both in transit and at rest.
- Ensuring that all data is logically separated from other clients’ data.
- Implementing a training program to ensure that all Meddiff personnel are competent with the handling of sensitive information.
Meddiff agents may only use, access or disclose patient information under circumstances outlined in the Master Services Agreement, or where required by law.
Meddiff will take reasonable and appropriate steps to stop and remediate unauthorized processing. Any discovery of unauthorized processing will be reported to email@example.com.
Meddiff will provide a summary to organizations or any relevant privacy provisions of the Master Services Agreement upon request.
The security of your personal information is important to us. Meddiff endeavors to keep personal information as secure as possible and employs generally accepted industry standards to do so. The following is a summary of the measures taken by Meddiff to protect your information.
Meddiff uses Secure HTTP (HTTPS), TLS, and AES 256-bit encryption when transmitting data such as personal information, so that no one else can read it while it is being transmitted over the Internet.
Meddiff maintains reasonable physical, electronic, and procedural safeguards that comply with federal regulations to protect personal information about you.
2.3. Vendors and Partners
Meddiff requires its vendors and partners to protect the security and privacy of personal information. These vendors include:
- Microsoft Azure
- Amazon Web Services
- Grey Tip
2.4. Employee and Contractor Access to Information
Meddiff limits access to personal information to those employees and contractors who reasonably require such access in order to provide products or services to you or in order to do their jobs.
2.5. Education and Training for Employees
Meddiff has implemented a company-wide education and training program about security that is required of every Meddiff employee.
2.6. Security Steps You Can Take
If you are a user of a Meddiff service that requires you to create an account with a password, do not share that password with anyone. Please contact us (firstname.lastname@example.org) if you believe your Meddiff account has been compromised or if you have been contacted by someone about your Meddiff account asking for a password or other personal information. In the event that you believe your personal safety is at risk or if you believe that you may be the victim of identity theft or other illegal conduct, please contact the appropriate federal, state or local law enforcement agencies directly.
2.7. Access to your personal information
Upon request, Meddiff will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by contacting us as described in the “Contacting Meddiff” section below. We will respond to your request within a reasonable timeframe, and we will abide by your requests unless otherwise required by law.
Meddiff acknowledges that you have the right to access your personal information. Meddiff has no direct relationship with the individuals whose personal information we process on behalf of our customers. If you wish to access, correct, amend, or delete information about you that was provided to Meddiff by a Meddiff customer, you should contact the Meddiff customer with whom you have a direct relationship (i.e. the account owner). If requested to remove data we will respond within a reasonable timeframe.
Meddiff relies upon assurances from its customers that the personal information that Meddiff receives or is given access to by its customers is relevant for the purposes for which it is to be used and that its customers have obtained the requisite consents to enable the lawful processing of personal information by Meddiff. Meddiff uses the data only in accordance with its customers’ instructions.
Meddiff will take reasonable steps to ensure that personal information entered into its systems retains its original relevance, accuracy, completeness and currency. Also, Meddiff cannot provide patients with access to their personal information in that information was provided to Meddiff by a healthcare provider. Patients of Meddiff’s healthcare provider customers should contact their healthcare providers to obtain access to their personal information.
For more information, feel free to reach out to us at email@example.com
Meddiff will store information that is covered under the Master Services Agreement. Meddiff has incorporated controls to prevent processing of data not covered under Meddiff clearance by FDA and CE.
Meddiff will store patient data for a minimum of 7 years, or longer where required. Meddiff does not delete patient data; however, at a client’s request, Meddiff will delete data at any time.
Our clients, healthcare providers, are responsible for providing access to their consumers’ personal information. We will support our clients in the effort to correct, amend or delete information per the policy; however, the burden of access lies with the client. Should a patient request a copy of his records, Meddiff will document and process the request.
All privacy practices are reviewed annually in March to ensure
- that practices are implemented correctly;
- areas where non-compliance is discovered;
- effectiveness of closed non-compliance.
When inquiries and requests are received, Meddiff will respond promptly to said requests.
Links to other websites
A “cookie” is a small text file sent by a web server to a web browser to transmit information back to that browser. Cookies are a way to have the browser remember specific bits of information to improve the user experience by simplifying the delivery of relevant content, making site navigation easier, etc. We do not record personal or sensitive information in our cookies.
Do Not Track
Currently, various browsers offer a “do not track” or “DNT” option which sends a signal to websites visited by the user about the user’s browser DNT preference setting. Meddiff does not currently commit to responding to browsers’ DNT signals with respect to Meddiff’s websites, in part, because no common industry standard for DNT has been adopted, including no consistent standard of interpreting user intent.
We may display personal testimonials of satisfied customers on our website in addition to other endorsements. With your consent, we may post your testimonial with your name. If you wish to update or delete your testimonial, you may contact us as described below.
Requesting to be removed from email lists
You may sign up to receive newsletters or email from Meddiff. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you, at your user account on our website, or by contacting us as described below.
Deleting your Meddiff account
If you are a user of Meddiff, you can email firstname.lastname@example.org and we will coordinate account deletion with the administrator.
For EU Individuals: Your Rights under the General Data Protection Regulation
The General Data Protection Regulation (GDPR) has been in effect since May 25, 2018. EU residents now have greater say over the use, processing, and disposal of their personal data.
Right of access and correction
You have the right to review and amend any personal data stored in our system if you believe it may be out of date or incorrect. Just send an e-mail to email@example.com.
Right of cancellation
You have the right at any time to withdraw your consent to the use of your personal data in the future. Again, just send an e-mail to firstname.lastname@example.org.
Right of grievance
You may also have the right to raise your grievance to the relevant supervisory authority. A list of supervisory authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Changes to this privacy statement
This Privacy Statement was last updated on December 20, 2020. Meddiff reserves the right, at its discretion, to change, modify, add, or remove portions of this Privacy Statement at any time. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to check this page periodically for changes. Your continued use of Meddiff services following the posting of changes to this Privacy Statement will mean that you accept those changes.
If you have any questions or concerns about this Privacy Statement or our privacy practices, please contact our Privacy Officer at email@example.com. When contacting us, please be sure to provide us with your exact e-mail address, name, address and/or telephone number(s) in order to be sure we handle your inquiry correctly.
You may also contact us at:
Data Protection Officer, Meddiff, Salarpuria Palladium, 2nd Floor, #2021, 100 Feet Road, HAL 2nd Stage, Indira Nagar, Bengaluru, Karnataka 560008