How to use this Privacy Notice
This notice is layered, so you can easily find the information that is applicable to you. Please click the through to the headings or subheadings of the specific areas set out below to read the full text.
There is a Glossary of terms at the end of this document to help you understand the meaning of some of the terms used in this privacy notice.
Introduction – please read me
Please read this Privacy Notice and any other privacy notice or fair processing notice we may provide on specific occasions carefully, as it is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export and delete your information. This Privacy Notice supplements the other notices and is not intended to override them.
Who we are
MyC is a company incorporated and registered in France with company number 890 755 275, whose registered office is at 113 avenue du Président Salvador Allende, 93100 Montreuil, FRANCE.
MyC is operating in health field and specialized in health data management, for additional information please click
here.
This privacy notice is issued on behalf of MyC, when we mention "we", "us" or "our" in this privacy notice, we are referring to MyC responsible for processing your data.
Websites
The following websites and apps are in scope of this privacy notice:
https://www.myc.doctor/
https://app-eu.myc.doctor
https://app.myc.doctor
Controller/Processor
We are registered with the pertinent data protections authorities in line with the applicable legislation. To find out more on our registrations please
contact us.
We do not and will not sell your data to third parties.
We act as the Controller regarding personal data necessary for creating and managing a user account as well as personal data related to the use of website and applications this privacy notice refers to.
We act as the Processor for processing activities conducted through our platforms/services purchased and used by Customers, namely for personal data collected by Customers for patient, appointment, consultation and monitoring. While we act as a Processor, we process data according to the instructions received by our Customers (acting as the Controller) who are responsible for dealing with your requests aimed at implementing your data privacy rights. For exercising your rights, you need to contact the pertinent Customer directly. In some cases, we may act as a Joint Controller together with the Customer. In that case you will be referred to a specific privacy notice explaining the responsibilities of each party and the procedure for you to exercise your rights.
Notwithstanding the role MyC is covering, MyC takes seriously privacy and take all the necessary measures to ensure personal data processing activities are conducted in compliance with the applicable
Data Protection Law.
Our commitment to you
We respect your right to privacy and are committed to protecting it and complying with
Data Protection Law. We will always keep your
Personal Data safe. We will be clear and open with you about why we collect your
Personal Data and how we use it. Where you have
choices or rights, we will explain them to you and respect your wishes.
How to contact us
If you have questions about this
Privacy Notice or the processing of
your Personal Data, please contact us at:
Postal address MyC 113 avenue du Président Salvador Allende 93100 Montreuil FRANCE
Email privacy@myc.doctor
Our DPO (outsourced) We have appointed GRCI Law Limited, to act as our
DPO.
Postal address GRCI Law Limited /IT Governance Europe Ltd3 rd Floor, Boyne Tower,Bull Ring, Lagvooren, Drogheda, Co. Louth, A92 F682, Ireland
Email:
dpoaas@grcilaw.com Tel: +44 (0)333 800 7000
Please ensure you include our company name in any correspondence you send to our DPO.
Personal information we collect about you as a Controller
We process different kinds of
Personal Data about you depending on your relationship with us (Costumer, supplier, user):
Identity data
Includes first
name, last name, other names, date of birth, professional registration.
Contact data
Includes your contact address, billing
address, email address and telephone number(s).
Location data
We may collect your location data from your IP address and telephone codes.
Transaction data
Includes details about payments to and from you and other details of services you have purchased from us.
Technical data
Includes IP address, your login information, time zone setting and location, browser plugin types and versions, operating system and platform, and other technology on the devices you use to access our website or our
Apps
Profile data
Includes your email and password, the services you have used on our website and/
or our Apps, your use of social media functions on our
Website and/
or our Apps for
authentication, feedback, survey responses and such information as you provide to us.
Usage data
Includes information about how you use our
Website and
or Apps, the resources you access, pages you visit, the time and date of your visit or an email opened, the time spent on those pages, unique device identifiers, the URL (Uniform Resource Locator) clickstream to, through and from our website and other diagnostic data.
Chat sessions
This information includes online chat sessions and the chat history of previous sessions.
Special Category Personal Data
Special Category Personal Data is personal data that needs more protection because it is sensitive, and we may collect this type of personal data on the behalf of our Customers in the course of providing our services or during our interactions with you.Your online chat sessions may contain
Special Category Personal Data you have decided to share. We will not process your
Special Category Personal Data and shall we be in such situation will be not processing Special Category Personal Data without a
Lawful Basis to do so.
How we get your Personal Data We use different methods to collect data from and about you through our websites, by telephone, through LiveChat and through any related social media applications, including:
Personal Data provided directly by you
You may give us your
Personal Data by filling in forms, surveys, questionnaires or assessments on our
Website, or by corresponding with us by post, phone, email, chat or otherwise. This includes
Personal Data you provide when you:
Register to use our
Apps, Website or services, or to receive general information on our services.
Data we collect when you use our Websites and Apps
Each time you interact with our
Website, we will automatically collect
Personal Data, including technical data about your device, your browsing actions and patterns, content and usage data. We collect this data using
Cookies, server logs and other similar technologies like pixels, tags and other identifiers in order to remember your preferences, to understand how our
Website and
Apps are used.
Data we collect when you use MyC platform offlineWhen using the offline mode in the MyC platform, the personal data is stored in the cache and encrypted with a key that only the user of the data can use by means of a password.
Please see our Cookie Notice here for further details.
Information we receive from third parties
We may receive
Personal Data about you from various third parties, such as:
Device data from the following parties:
Analytics providers such as DataDog.
Advertising networks.
Search information providers.
Technical data and device data from the following parties:
Analytics providers such as DataDogAdvertising networks such as
Google.
Providers collecting survey information;Information about our candidates from referees, recruitment agencies and social media such as
LinkedIn;
and Reviews from providers.
Unique application numbers
When you want to install or uninstall a service containing a unique application number or when such a service searches for automatic updates, that number and information about your installation, for example the type of operating system, may be sent to us.
How we use personal information General We need your
Personal Data to conduct our business and provide you with
our Apps and services. Most commonly we will use your
Personal Data in the following circumstances:
Where you have consented before the processing.
Where we need to perform a contract, we are about to enter or have entered with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
UK GDPR/EU GDPR Lawful Basis table The table below describes the ways we use your
Personal Data, and which
Lawful Basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.
For more information on the
Lawful Basis we use to process your data under the
UK GDPR and
EU GDPR, see our Lawful Basis table below or
contact us.
Reason for processing
Special Category Personal Data: We will be not processing Special Category of Data unless this is required by our Customers.
Shall we be processing
Special Category Personal Data, you will be duly informed and we must, in addition to the
Lawful Basis in the
Lawful Basis table, process your
Special Category Personal Data because of an additional
condition, including the followings :
You have given us your explicit
consent to process that data. We are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations (or other legal obligations imposed on us).
The processing is necessary to carry out our obligations under employment, social security, or social protection law.
The processing is necessary for the establishment, exercise, or defence of legal claims.
You have made the data manifestly public;
or Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes.
For more information about us using your
Special Category Personal Data, please
contact us.
Using your data for other reasons
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the
Lawful Basis that allows us to do so.
Marketing and advertising Using Personal Data for marketing purposes
We currently do not use data for marketing purpose. We may use information of Customers to provide details about services.
Shall we in the future conduct marketing activities, you will be duly informed and where we are legally required to obtain your
consent to provide certain marketing materials, we will only provide with such marketing materials where we have obtained
consent.
You will also receive the necessary information to opt out of us using personal information for marketing purposes by following the unsubscribe link included in each marketing email or by
contacting us via email.
Disclosing your Personal Data to others Sharing your Personal Data safely
We do not commonly share data with third-party. Shall we be in the situation where data sharing is necessary, you will be duly informed, and we will be not sharing data without a legal basis and namely your consent. We require all third parties to respect the security of your
Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your
Personal Data for their own purposes. We only permit them to process your
Personal Data for specified purposes and in accordance with our instructions.
We ensure that the personal data being supplied is also limited with the minimum being used for each of the services provided by the third-party service providers.
Who we share Personal Data with
We may share your
personal information with the following organisations that help us manage our business and deliver our products, applications, or services, or where we are legally obliged to share information, including with:
Twilio https://www.twilio.com/ IVR voice to API calls - Sending only the limited input requests. Twilio storing the phone number only. More information can be found here
https://www.twilio.com/gdpr It is used for SMS service/ insert link to pertinent page.
Mailjet Email SMTP server/ add link and pertinent information.
CRISP is a third-party service provider to assist with Multichannel messaging platform (add available information/ Privacy notice/ website page with details on the used service)
Google Storage and back end,
is a third-party service provider to assist us with client to store and back end the data necessary to provide MyC services/ insert link to google page with information on that type of processing.
DataDog
is a third-party service provider to assist us with client insight analyticsUsed to tracking page views. Sending the 3
rd party Page Information (URL, Title), Browser Information (Browser name, Viewport or Viewing pane, Screen resolution, Java enabled, Flash version), User Information (Location - IP address, Language). More information can be found here https://www.datadoghq.com/legal/privacy/
GRCI Law We use
GRCI Law for data privacy services.
Law and Investigations
Other organisations for the purposes of fraud/crime protection and investigation. Courts of law and government, regulatory authorities or third parties to the extent required by law, court order or a decision rendered by a competent public authority and for the purpose of law enforcement; or
Other Other third parties subject to your
consent.
Sharing your Personal Data overseas We may send personal information outside of the Country/European Union generally for, but not limited to, reasons relating to processing and storage by our service providers. For example, we may have Cloud storage providers with data storage facilities in the US or other countries. When we do this, we will ensure that our service provider has an appropriate level of protection, and the transfer is made in line with
Data Protection Law. Often, this protection is set out under a contract with the organisation that receives that information. You can find more details of the protection given to your information when it is transferred overseas by
contacting us.
Data security We have put in place appropriate security measures to prevent your
Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your
Personal Data to those employees, agents, contractors and other third parties that have a business need to know. They will only process your
Personal Data on our instructions, and they are subject to a duty of confidentiality.
We periodically test the security of our systems to check for vulnerabilities.
Risk
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your
Personal Data, we do not have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many
Information Security Risks that exist and take appropriate steps to safeguard your own information.
Encryption
All information you provide to us is stored
encrypted in rest and in transit. When using the offline mode in the MyC platform, the personal data is stored in the cache and encrypted with a key that only the user of the data can use by means of a password.
Breaches We have procedures in place to deal with any suspected
data security breach. We will notify you and any applicable regulator of a suspected
data security breach where we are legally required to do so.
Third-party websites, plugins and services links to other websites
You should be aware that information about your use of this website (including your IP address) may be retained by your ISP (Internet Service Provider), the hosting provider and any third party that has access to your Internet traffic.
Our
Website and
Apps may contain links to third-party websites and plugins, for instance a social media login plugin. If you choose to use these websites, plugins, or services, you may disclose your information to those third parties. We are not responsible for the content or practices of those websites, plugins, or services. The collection use and disclosure of your
Personal Data will be subject to the privacy notices of these third parties and not this Privacy Notice. We urge you to read the privacy and cookie notices of the relevant third parties.
Use by children
We do not target children, and our
Website, Services and
Apps are not intended to attract children. Accordingly, our online services that collect
Personal Data are not directed at and should not be accessed by individuals under the age of 18 years, and we request that such individuals do not provide any
Personal Data to us, including via Cookies, please see our Cookie notice for further information.
Minors must obtain express consent from parents or legal guardians before accessing or providing any
Personal Data. If notified by a parent or guardian, or discovered by other means, that a minor under the age of 18 has provided their
Personal Data to us, we will delete the minor’s Data that is in our possession.
Retention of your Personal Data
We will keep your
Personal Data in line with our data retention policy for no longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for
Personal Data, we consider the amount, nature and sensitivity of the
Personal Data, the risk of harm from unauthorised use or disclosure of your
Personal Data, the purposes for which we process your
Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You can
contact us if you have questions relating to how long we will keep your personal data.
For more information on retention please refers to the
CNIL related guidance.
Cookies
We use
Cookies and similar technologies like pixels, tags, and other identifiers to remember your preferences, to understand how our Website and our
Apps are used.Further details can be found in our Cookie Notice.
Rights of data subjects
You have several
rights under
Data Protection Law. The rights available to you depend on our reason for processing your information and are set out in the
Table of your rights.
How to exercise your rights
In most circumstances, you do not need to pay any charge for exercising your rights. We have one month to respond to you.
To exercise your rights or get more information about exercising them, please
contact us, giving us enough information to identify you.
How you can complain to or about us We hope that we can resolve any query or concern you raise about our use of your information. Please
contact us first and title your email “
Complaint”. All complaints will be treated in a confidential manner and we will try our best to deal with your concerns.
You have the right to lodge a complaint with a
supervisory authority in the EEA member states where you work or normally live, or where any alleged infringement of
Data Protection Law occurred. The supervisory authority in France is the
CNIL which may be contacted following the instruction available
here. Details of supervisory authority based in other European Countries can be found
here.
The Supervisory Authority in the UK is the
ICO, which may be contacted at
https://ico.org.uk/concerns or by telephone on 0303 123 1113.