Privacy Policy
Citi Medical is committed to protecting your privacy and complying with your choices. Both personal and non-personal information collected is safeguarded according to the highest privacy and data protection standards adopted worldwide. We have always had a robust and effective data protection program in place which complies with existing law and abides by data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of new legislation.
Citi Medical operates a diverse business which includes but is not limited to the provision of medico-egal services, document management and case management services, business consulting and other advisory services.
When This Policy Applies
This Privacy Policy explains how we manage personal information that we obtain:
in the course of carrying out business onboarding procedures;
from or about individuals who are our clients;
from or about individuals in the course of providing products or services to our clients and prospective client; and
from or about individuals in the course of operating our business generally, including marketing data and data from digital initiatives.
Our Commitment
Your information will not be rented or sold to any third party.
We use state-of-the-art security measures to protect your information from unauthorized users.
We give you the possibility to control the information that you shared with us (opt-out)
How we collect personal information and the types of personal information.
Where we obtain healthcare data it will be stored, handled, managed, moved and accessed in line with our Healthcare data policies and procedures.
The personal information we may directly collect from you will depend on the nature of your interactions with our companies and brands; and whether you:
have subscribed to or engaged with us, are recipient of our marketing communications or attend events, have interacted with our websites, have a connection to a member of our personnel or have a vendor relationship or similar with Citi medical or its group companies or brands.
In addition, we may collect personal information about you from third parties. Third parties may include but are not limited to corporate officers (where your information forms part of a corporate matter) and providers of verification services. We may monitor your use and interactions with our websites, marketing we send and communications between you and our companies and brands including CRM records made by employees which may constitute text, voice or video recordings which may be transcribed.
Depending on the circumstances, the types of personal information we collect may include:
Basic details such as your name, contact details, job title and the name of your employer, university or company.
Financial information such as billing addresses, bank accounts and payment information,
Identification, background verification information, evidence of ownership or source of funds collected for subscriptions renewal, compliance and anti-money laundering requirements,
Special categories of data such as race, ethnicity, trade union membership, information about health or information about your political, religious or philosophical beliefs,
Photographic, audio and video content (which can include CCTV footage if you visit our premises)
Information that you have provided in relation to marketing preferences, registering for events and meetings (which may include access and dietary requirements);
Information relating to your website usage and technical data that is collected through tracking technologies and relationship insight tools; and
any other information relating to you that you or others may provide
The purposes for which we use your personal information
We will only use your personal information if the law allows us to do so.
Most frequently we will use your personal information in the following ways:
– when we need to perform a contract or subscription we are about to or have entered into with you; when we need to do so to comply with a legal obligation.
– where permitted by law, when it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
– when it is necessary to establish, exercise or defend legal claims;
– if you have already made the information public; or
– if you have given your consent.
We may rely on more than one circumstance for a particular category of personal information.
To the extent permitted by law, the legitimate interests upon which we rely in processing your personal information include the following:
For the purposes of carrying out client onboarding, vendor and freelance panel management and subscription procedures: this will include using and/or obtaining information for the purposes of carrying out anti-money laundering, conflict and other business intake searches.
For the purposes of marketing our services: we may use information about you for the purposes of promoting our businesses and brands, if you request information about our services or indicate that you have an interest in receiving communications, respond to invitations to events, or comment on our blogs, surveys, applications or social networks. Based on that information, we may also identify further products, services, content topics and events about which you may wish to know more.
You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing by checking the appropriate boxes on the forms we use to collect your data. You can also exercise that right at any time by contacting us as set out below.
For the functioning of our business and its operations: we may use your personal information in the course of operating our business, including the management of our relationships with third party suppliers, dealing with our insurance arrangements and conducting anonymous and pseudonymous analysis of data and meta data.
Change of Purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or it will add value in our relationship with you. If we need to use your personal information for an unrelated purpose, we will only do so if legally permitted to do so and with appropriate notice (or consent, if required by law).
Transferring and Sharing Your Information
Your personal information is stored on servers located in the UK, and your personal information may be processed by Citi medical here worldwide . Information held in hard copy is stored onsite or at secure locations. The types of personal information involved and uses include those detailed above where appropriate.
Within Citi Medical , we may transfer personal information, but not healthcare information outside of the United Kingdom (‘UK’), European Economic Area (“EEA”) or outside of a jurisdiction where you are located. When we transfer personal information in the UK and EEA outside of the UK or EEA or the jurisdiction where you are located, we do so use procedures that conform to UK and European data privacy law including GDPR.
We may provide personal information to third parties that perform operational services for us solely for our use and benefit or professional advisors, service, and technology partners for them to perform services on behalf of clients We will only transfer your personal information in these circumstances where we are satisfied that it will be subject to an appropriate level of protection and in accordance with any safeguards that may be legally required. On occasion, we may be required by law to disclose personal information by a regulator, court, or authority. Where necessary and with appropriate safeguards, Citi Medical may also need to disclose information to its professional advisors (e.g., legal and financial advisors), bankers, auditors, insurers and insurance brokers.
GDPR
We are committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
-processed lawfully, fairly and in a transparent manner in relation to individuals;
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
-adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
-accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
– kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
-processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
When you provide your personal information, you consent that it can be used for the above purposes and that Citi Medical and its associated companies are authorized holders of such information. If you choose not to register or provide personal information, you can still use our websites and online tools but you will not be able to receive additional services or access certain areas that require registration.
When you activate an account, you are providing your consent to occasionally receive information from us. In each communication from us you will have the opportunity to unsubscribe from further communications; alternatively, you may contact us to express your choices at the address provided at the bottom of this page.
Access to your information
You are entitled to review the personal information you have provided us and ensure that it is accurate and current at all times. To review or update this information please email DPO@citi-medical.co.uk and request that we send you this information.
i. Security of information
We are strongly committed to protecting your information and ensuring that your choices are honored. We have taken strong security measures to protect your data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. All sensitive data is stored behind multiple firewalls on secure servers with restricted employee access.
We guarantee that all e-commerce transactions follow the latest security measures and use the best available technologies. We do not hold card details and outsource card transactions to partners such as Paypal, Braintree and Stripe who’s Terms and Policies can be found on their respective websites, Secure Sockets Layer (SSL) technology is employed when you place online orders or transmit sensitive information.
ii. Retention of information
We retain information as long as it is necessary to provide the services requested by you and others, subject to any legal obligations to further retain such information. Information associated with your account will generally be kept until it is no longer necessary to provide the services or until you ask us to delete it or your account is deleted whichever comes first. Additionally, we may retain information from deleted accounts to comply with the law, prevent fraud, resolve disputes, troubleshoot problems, assist with investigations, enforce the Terms of Use, and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy. Finally, your data could also be stored for sales statistical purposes.
iii. EU and EEA Users’ Rights
If you are habitually located in the European Union or European Economic Area, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. We describe these rights below:
You have the right to access your personal data and, if necessary, have it amended or deleted or restricted. In certain instances, you may have the right to the portability of your data. You can also ask us to not send marketing communications and not to use your personal data when we carry out profiling for direct marketing purposes. You can opt out of receiving email newsletters and other marketing communications by following the opt-out instructions provided to you in those emails. Transactional account messages will be unaffected if you opt-out from marketing communications.
iv. How to opt-out
We provide users with the opportunity to opt-out from receiving updates on our products, newsletters and other communications from us. You can opt-out by clicking on the link provided in our electronic mailings or by contacting us at the address at the bottom of this page.
v. Does Citi Medical’s Privacy Policy apply to linked websites?
Our Privacy Policy applies solely to information collected on our websites or through our business operations and services.
Our sites contains links to web sites of third parties. Citi Medical is not responsible for the actions of these third parties, including their privacy practices and any content posted on their web sites. We encourage you to review their privacy policies to learn more about what, why and how they collect and use personal information.
However, as is true with all online actions, it is possible that third parties may unlawfully intercept transmissions of personal information, or other users of our online products may misuse or abuse your personal information that they may collect.
Citi Medical uses third-party advertising companies to serve adverts and track users. These third-party advertising companies employ cookie and 1×1 pixel. gifs or web beacons to measure and improve the effectiveness of ads for their clients. To do so, these companies may use anonymous information about your visits to our website and other websites but will not collect any information which can personally identify you or can be linked to you. This information can include date/time of banner ad shown, the banner ad that was shown, their cookie, and the IP address. This information can also be used for online preference marketing purposes.
Changes to this policy
If we make changes to our Privacy Policy, we will post these changes here so that you are always aware of what information we collect, how we use it and under what circumstances, if any, we disclose it. If at any point we decide to use your information in a manner different from that stated at the time it was collected, we will notify you by email.
Enforcement of policy
If for some reason you believe Citi Medical has not adhered to these principles, please notify us and we will do our best to promptly make corrections.
Questions or comments
If you have questions or comments about this privacy policy, please email us at: DPO@citimedical.co.uk