MDI Health Technologies Ltd. (“MDI”, “we”, “us” or “our”) provides this Privacy Policy, as will be updated from time to time (our “Policy” or “Privacy Policy”), to inform the visitors of our website and our customer (or “you”) of our policies and procedures regarding the collection, use, and disclosure of information we receive when you use the website or service. (All capitalized terms shall have the meanings as defined in the Definitions section below).
This Policy was originally written in English. If you are reading a translation and it conflicts with the English version, please note that the English version prevails.
2.1. This Privacy Policy applies to Personal Data about you or the patient you act on his behalf that we collect, use, or otherwise process regarding your relationship with us as a visitor or customer.
2.2. Please note that we published on our website icons of social media networks that we are members of. When you click on these icons, you will be directed to our company pages on these networks, and their privacy policies will apply. We are not responsible for the privacy policies of these social media networks, and you are responsible to review and ensure you agree to their terms before entering and browsing our pages on said networks.
3.1. Personal Data That You Provide To Us
a) While browsing our website as a visitor, you may provide us your full name and email (“Contact Details”) if you wish us to contact you. You may choose to provide us additional Personal Data through the “free text” section in our contact form or directly to our company email address published on our website. Please do not provide further Personal Data than is required for us to contact you.
b) As a customer, you may provide us more information regarding our services, such as (a) additional patient’s personal details; (b) customer’s payment details; and (c) medical information, for the purpose of providing the services on an ongoing basis. For example: full name, email, phone number, address, medical information, including medications list and related drug information, drug history, age, gender, ethnicity, diagnosis, background illness, chronic conditions, medical history, medical and lab test results, information related to your lifestyle and nutrition (e.g., smoking status, alcohol, specific foods or beverages, physical activity), and any relevant medical records required for the purpose of providing the services.
c) If you would like to register to our newsletter, you will be required to provide your email address.
3.2. The Personal Data That We Collect or Generate
If you browse our website, we may collect your Personal Data. This includes (by way of a non-exhaustive list): your computer’s Internet Protocol address and your geolocation, through the use of “cookies” (for more information on our cookies and other means of tracking, please see Section 10 “Cookies” below).
4.1. We process anonymized information and data that is not processed by reference to a specific individual. We may collect this Non Personal Data through the website in the following ways:
a) Information that your browser sends (“Log Data”). This Log Data may include, but is not limited to, non-identifying information regarding your device, User ID, operating system, internet browser type, screen resolution, language and keyboard settings, internet service provider, the web page you were visiting, and information you search, etc.
b) We may use automated devices and applications to analyze the usage of our website. We use these tools to help us improve our website, performance, and user experience. For more information, please see Section 10 “Cookies and Analytics Tools” below.
5.1. Personal Data is used for the following primary purposes (as may be updated from time to time):
a) To contact you, in any case you provide us your contact details under the “Contact Us” request. We may also use the information in order to provide service announcements and notices, promotional messages, and market our services (subject to your consent when required). At any time, you may choose to opt out of receiving such marketing materials, which are not an essential part of the usage of the website. You may exercise your choice by contacting us at the email address published in each email or publication we send to you or by contacting us through our website.
b) To provide and operate the website, including to further develop, customize, and improve our website based on visitors’ preferences, experiences, and difficulties; to create aggregated statistical data and other aggregated and/or inferred Non Personal Data, which we or our business partners may use to provide and improve our website.
c) To comply with any applicable law, including court orders and warrants, and to take any action in any legal dispute and proceeding.
d) To fulfill our legitimate interests, such as enforcing our Terms and Conditions, policies, and other contractual arrangements and preventing misuse of the website.
e) Otherwise authorized by you.
5.2. If you register as a customer, please know that in addition to the above, we use Personal Data for the following purposes:
a) To provide you our services, as defined above.
b) To provide you with ongoing support, services, and inform you regarding our services, such as sending you notifications and reminders related to medical inspection, our service, or sending you payment notifications for your subscription. It is important that you always receive such messages. For this reason, you cannot opt out of receiving such service and billing messages as long as you use the services.
6.1. We may use information that is Non Personal Data for the same purposes we use Personal Data (where applicable) and in addition in order to:
a) Compile anonymous or aggregate information.
b) Disclose to third-party vendors, service providers, contractors, or agents who perform tasks on our behalf in connection with the website.
c) Monitor and analyze use of the website and for the technical administration and troubleshooting of the use of the website.
d) Provide us with statistical data.
6.2. We may use analytics tools to help us understand visitors’ behavior on our website, including by tracking page content, click/touch, movements, scrolls, and keystroke activities. The privacy practices of these tools are subject to their own policies, and they may use their own cookies to provide their services. Contact us for further information about your option to opt out of these analytics tools.
6.3. From time to time, we may use additional or alternative analytics services. We will provide a notice of these changes on our website.
6.4. We use anonymous, statistical, or aggregated information, which may be based on extracts of your Personal Data, for legitimate business purposes including for testing, development, improvement, control, and operation of the website. We may share such information with our third-party providers. It has no effect on your privacy because there is no reasonable way to extract data from the aggregated information that can be associated with you. We will share your Personal Data only subject to the terms of this Policy, or subject to your prior informed consent, if required.
7.1. We may share your data with third parties, in the following manners and instances:
7.1.1. Our affiliated clinicians/consultants (clinical pharmacists/consultants/physicians) – If you choose to use our service as a customer, please know that we will share personal information with our affiliates in order for them to provide you care.
7.1.2. Third-party service providers – We may share your Personal Data with service providers and other third parties if necessary to fulfill the purposes for collecting and processing the information, such as cloud vendors and subcontractors providing us processing services, provided that any such third party will commit to protecting your privacy as required under the Applicable Laws and this Policy, in accordance with that third party’s obligations.
7.1.3. Structural change – Additionally, a merger, acquisition, or any other structural change may require us to transfer your Personal Data to another entity, provided that the receiving entity will comply with this Policy.
7.1.4. Law enforcement, legal requests, and duties – We may need to disclose Personal Data in response to lawful requests by public authorities or law enforcement officials, including meeting national security or law enforcement requirements. We cooperate with government and law enforcement officials to enforce and comply with the law.
7.2. Non-routine disclosures of PHI – We will not disclose PHI for purposes outside of Treatment, Payment, and Healthcare Operations (TPO) without written authorization from the individual or legal permission.
7.2.1. Authorization process – We will provide individuals with a standard HIPAA authorization form outlining the specific PHI to be disclosed, the reason for disclosure, and the recipient(s). The authorization will clearly state that the individual has the right to revoke their authorization in writing at any time. We will obtain informed consent before using or disclosing PHI beyond what is minimally necessary to fulfill the stated purpose in the authorization.
7.2.2. Legal permissions – In situations requiring disclosure due to a court order, subpoena, or other legal process, we will consult with legal counsel to ensure proper procedures are followed and to minimize the PHI disclosed.
7.2.3. We will maintain accurate and complete records of all disclosures of PHI for at least six years.
7.3. Accounting of disclosures – Individuals have the right to request an Accounting of Disclosures, which is a record of disclosures of their PHI made outside of TPO activities.
7.3.1. Request process – Individuals who desire to submit an Accounting of Disclosures request should submit the request to support@mdihealth.com with the subject line: Accounting of Disclosures Request.
7.3.2. We will provide the Accounting of Disclosures within a reasonable timeframe, typically within 60 days of the request.
8.1. We may store, process, or maintain information in various sites worldwide, including through cloud-based service providers.
8.2. If you are located in a jurisdiction where the transfer of your Personal Data to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer, or the storage, processing, or maintenance of the information in other jurisdictions by using the website.
9.1. In all of the above cases in which we collect, use, or store your Personal Data, you may have the following rights, and in most cases, you can exercise them free of charge. At any time, you may contact us at support@mdihealth.com (with the subject line: Personal Data Inquiry) and request to know what Personal Data we keep about you. We will make good-faith efforts to locate the data that you request to access.
9.2. Under your right of access, you may obtain confirmation from us of whether we are processing Personal Data related to you, receive a copy of that data so that you can verify its accuracy and the lawfulness of its processing, and request the correction, amendment, or deletion of the data if it is inaccurate, incomplete, outdated, or processed in violation of applicable law.
9.3. However, we may retain certain information as deemed required by us in accordance with applicable laws, or for legitimate business reasons, for the duration as required under applicable laws.
9.4. When you ask us to exercise any of your rights under this Policy and the applicable law, we may need to ask you to provide us with certain credentials to make sure that you are who you claim to be, to avoid disclosure of Personal Data related to others, and to ask you questions to better understand the nature and scope of the data that you request to access.
9.5. We may redact from the data which we will make available to you any Personal Data related to others. In addition, we may delete information if required by applicable laws.
9.6. Privacy complaints – We are committed to protecting the privacy of individuals and take all privacy complaints seriously.
9.6.1. Complaint process – Individuals who desire to submit a privacy complaint should submit the complaint to support@mdihealth.com with the subject line: Privacy Complaint. All complaints will be documented and investigated thoroughly. We will provide a timely response to the individual regarding the outcome of the investigation.
10.1. A cookie is a small data file that is saved on your computer’s hard disk for record-keeping purposes. When you access or use our website, MDI uses industry-standard technologies such as “cookies”, other tracking technologies, and other local files, which store certain information on the browser or hard drive of your computer and/or your mobile telephone device (“Local Storage”) and which will allow us to distinguish you from other users, track your click-stream to assess performance of the website, gather information about your approximate geolocation, store your preferences, enable automatic activation of certain features, and improve your user experience and other capabilities.
10.2. Some information which is too large to be stored in a cookie (such as the user’s personal and medical data) is stored in the browser’s LocalStorage repository, which allows for saving larger data. The use of this mechanism is to allow for easier form filling and to allow the user to continue filling the medical forms from where they stopped in case they close the browser and return to the website.
10.3. Most devices and browsers will allow you to erase cookies from your device’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. Please note that unless you block the acceptance of cookies, the website will utilize cookies upon your use of the website (all unless it is required by applicable laws to provide a separate consent to use such cookies, and in which case we will use such cookies only after we receive your separate consent to such use and subject to your right to withdraw such consent at any time).
10.4. We may also engage third parties to track and analyze data or provide other services on our behalf. Such third parties may combine the information that we provide about you with other information that they have collected from other sources. This Policy does not cover such third parties’ use of the data, and such use is governed by such third parties’ privacy policies.
10.5. We use Google Analytics, and their privacy policy can be accessed at: https://policies.google.com/privacy?hl=en. We use FullStory for user experience tracking and analysis. Note that no personal information is saved on their system; it only tracks user actions on our website – clicking, typing, scrolling, etc. Their privacy policy can be found here: https://www.fullstory.com/legal/privacy/
11.1. We take the safeguarding of the Personal and Non Personal Data very seriously and use various measures and procedures to protect it. However, although we make efforts to protect your privacy, we cannot guarantee that the website will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
11.2. Data transmitted to and from the users’ browser and MDI’s servers is encrypted for increased security. Furthermore, the data saved in MDI’s databases is encrypted at rest as well as in transit when it’s transmitted inside the MDI cloud infrastructure or outside, as per HIPAA compliance requirements.
11.3. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping the login and password to your device(s) private. In addition, you should take steps to protect against unauthorized access to Personal Data stored on your premises as well as defining limited access rights to such information on a need-to-know basis.
12.1. We retain different types of information for different periods, depending on the purposes for processing the data. We may retain Personal Data for as long as necessary in order to support our legitimate business purposes, for example, for storing data, for continuous service and support, for documentation, for cybersecurity management purposes, legal proceedings, and tax issues.
12.2. We may store aggregated Non Personal Data without time limit. In any case, as long as you use the website and/or the service, we will keep information about you unless we are legally required to delete it, or if you exercise your rights to delete the information.
Our website and services are not meant to be used by or for persons under 18; as such, we do not knowingly collect Personal Data from minors younger than 18. If these age requirements are not met, you are required to obtain the consent of the parent or guardian to provide and process information in accordance with this Policy. Lacking such consent, please do not use the website and/or the service.
14.1. We may change the terms of this Privacy Policy from time to time. We will make an effort to inform you of substantial changes through the channels of communication generally used in such circumstances, and subject to the requirements of applicable laws, to obtain your consent.
14.2. If we need to adapt the Policy to legal requirements, the amended Policy will become effective immediately or as required.
14.3. Your continued use of the website and/or the service following such notice shall constitute your consent to any changes made and a waiver of any claim or demand in relation to such changes. If you do not agree to the new or different terms, you should not use and are free to discontinue using the website and the service.
15.1. This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Israel, without regard to its conflict of law provisions.
15.2. The courts of the Tel Aviv – Jaffa district shall have exclusive jurisdiction in all disputes and proceedings arising from this Privacy Policy.
For further information about this Policy, please contact us: support@mdihealth.com. If you have any concerns relating to this Policy, please contact us, and we will make good-faith efforts to address your concerns. We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator.