Privacy Policy
Introduction
Med Automation Ltd (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This policy outlines how we collect, use, and safeguard your personal data in accordance with the UK General Data Protection Regulation (UK GDPR).
Information We Collect
To provide appointment management services (“our services”), we collect and store the following personal information:
- Personal Identification Information: Name, date of birth, mobile number.
- Appointment Details: Doctor’s name, type of scan, etc.
- Call Recordings.
On our website, if users wish to be contacted, we collect:
- Contact Information: Name, phone number, email, workplace.
How We Use Your Information
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where you have given your consent.
We use your information to:
- Provide and manage our services, including appointment booking, rescheduling, and cancellations.
- Communicate with you and healthcare providers.
- Improve our website, services, and patient experience.
- Comply with legal obligations.
Why We Collect This Information
We collect this information to:
- Process appointment requests and forward them to the customer’s booking systems.
- Contact you if necessary (e.g., change in appointment, preparation steps).
- Contact interested prospects for product demos and services.
How We Store This Information
- The details we collect on our platform are stored in a secure database.
- Information entered on our website is sent to us by email.
Legal Basis for Processing
We process your data based on the following legal bases under the UK GDPR:
- Consent: When you have given us explicit consent for specific purposes (Article 6(1)(a) UK GDPR).
- Contractual Necessity: To fulfil a contract with you or to take steps at your request before entering into a contract (Article 6(1)(b) UK GDPR).
- Legal Obligation: To comply with legal requirements to which we are subject (Article 6(1)(c) UK GDPR).
- Legitimate Interests: Processing is necessary for the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (Article 6(1)(f) UK GDPR).
For processing special category data (such as health information) related to appointment bookings, we rely on:
- Explicit Consent: When you have given us explicit consent (Article 9(2)(a) UK GDPR).
Obtaining Explicit Consent
We may request explicit consent verbally, including via our voice-based system. To ensure compliance, the following steps are taken:
- Clear Information: The system will inform you about the data being collected, the purpose, and how it will be used.
- Affirmative Action: You will be required to provide an unambiguous affirmative response (e.g., saying “I consent”) to indicate your consent.
- Recording Consent: Your response and the information provided will be recorded and documented for future reference.
Child Safety
Protecting the safety of children is important to us. Our services are intended for use only by persons who are at least 18 years of age. By using our services, you confirm to us that you meet this requirement. If you are under the age of 18, you confirm you have received permission from your parent or guardian before using our services or sending us personal information.
If you are under the age of 13, your parent or guardian must consent on your behalf where we ask for consent in relation to the use of your information.
If you suspect that a child under 18 is accessing our appointment management services and providing personal data without their parent or guardian’s consent, please contact our Data Protection Officer at [email protected] so that we can investigate and remove/delete the data where necessary.
Data Sharing
We may share your data with:
- Service providers and business partners who assist us in providing our services.
- Healthcare providers (hospitals, GP surgeries) for managing appointments and patient care.
- Legal authorities if required by law.
Data Security
We implement appropriate technical and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction.
Data Retention
We retain your personal data only as long as necessary to fulfil the purposes we collected it for, including for legal and reporting requirements.
Your Rights
Under the UK GDPR, you have the right to:
- Access your data.
- Rectify inaccurate or incomplete data.
- Erase your data (right to be forgotten).
- Restrict the processing of your data.
- Object to the processing of your data.
- Request portability of your data.
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer at:
- Email: [email protected]
ICO Registration
We are registered with the Information Commissioner’s Office (ICO) under registration reference: ZB645385.
Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page.
Effective Date: 15th May 2024