This privacy notice applies to information gathered by MedRx, Inc. (“MedRx”), including, but not limited to our products and services MedRx Software and HearingBI.com. We respect and protect the privacy of our Customers and Participants, and we are dedicated to being as transparent as possible regarding the use of your personal data. This privacy notice explains how we collect and use your personal data. In this privacy notice, “we”, “us” and “our” means MedRx and Demant Enterprise A/S. We may change this privacy notice from time to time, so please check back when you use our services to make sure that you have seen the most recent version.
2. Who we are
This privacy notice applies to information gathered by MedRx via our website and various MedRx products, including: MedRx Software and HearingBI.com (“MedRx Products and Services”). The website is owned and operated by Demant Enterprise A/S, and Demant Enterprise A/S is the data controller of the personal data collected through the website and MedRx Products and Services. MedRx is a business managed by Demant Enterprise A/S. If you have any questions about this privacy notice, or you would like to exercise your rights, including making a complaint or request to access or correct your personal information, you can contact us by using the contact points below.
Demant Enterprise A/S
Tel: +45 3917 7100
3. Personal data we collect and use
When MedRx Products and Services are used by our Customers, as defined below, we classify the personal data we collect, use, and disclose into two main categories: The first is data about our Customers and the second is about our Customers’ Participants. “Customers” are organizations and individuals that are involved in carrying out hearing screening or hearing testing of Participants. The term “Participant” refers to those individuals whose audiograms, hearing screening results, and/or other data is collected and processed using the MedRx Products and Services.
The way MedRx handles personal data varies depending on whether it relates to a Customer user (e.g. a Customer employee or other representative) or a Participant, as detailed below.
MedRx acts as service providers to our Customers, and where MedRx Products and Services are made available to a Participant by a Customer, Customers have the ability to export data from MedRx Products and Services. Customers are solely responsible for the use of such data and for safeguarding it. Participant personal data may also be directly held by the Customer. In addition to this privacy notice, the collection, use, and disclosure of Participant personal data will be subject to the privacy practices of the relevant Customers, so Participants should refer to them for additional data.
From our Customers, we collect data that is necessary to establish and maintain MedRx Products and Services to them, as well as to understand and improve the usage and performance of MedRx Products and Services, which may include the following personal data:
- Contact information (address and e-mail address);
- Billing address;
- Billing details;
- Login information for provisioned users and databases (usernames, server locations and encrypted passwords);
- How the Customer and its users use and intend to use the MedRx Products and Services; and
- Information provided by the Customer and its provisioned users related to any support given by MedRx related to the MedRx Products and Services.
The use of MedRx Products and Services involves the collection and processing of Participant personal data by MedRx which may include the following personal data:
- Full name;
- Date of birth;
- ID number;
- Information about the Participant’s hearing;
- Test results;
- Questionnaire results;
- Location and date of the test;
- Location type (pharmacy, physician office, etc.);
- Home phone number;
- Cell phone number;
- Work phone number;
- Email address; and
Participants must provide their name, email, phone number and zip code to use MedRx Products and Services. The audiometry results and location information are generated and saved at the time of testing. Customers may collect additional Participant personal data using questionnaires within MedRx Products which may also be collected and processed by MedRx.
- We also collect personal data:
- when you make inquiries, ask to be contacted, request marketing material or sign up to receive our newsletter;
- when you visit our website and cookies are placed on your computer;
- when you email, call us or write to us or provide us with information in any other way, including by interacting with us via social media such as Facebook and Instagram.
4. Why do we collect and use your personal data and what is our legal basis for doing so?
We collect and use your personal data for the following purposes:
- to process and respond to requests, inquiries and complaints received from you, in accordance with our legitimate interest to provide our customers with a responsive service;
- to provide services and products requested and/or purchased by you and to communicate with you about such services and/or products; we do this as necessary in order to provide such products and services and in accordance with our legitimate interest to operate a business, which offers products and services related to hearing health care;
- to update our records and for audit purposes, in accordance with our legitimate interest to do so and/or when required by legislation;
- to prevent or detect fraud and to establish, exercise or in defense of legal claims, in accordance with our legitimate interest to do so;
- where legally required or where it is in our legitimate interests to do so, to comply with requests from law enforcement and regulatory authorities;
- to analyze trends and profiles, for our legitimate interest to aim to enhance, modify, personalize and improve our services and communications for the benefit of our customers;
- to carry out customer satisfaction research, for our legitimate interest to aim to enhance, modify, personalize and improve our services and communications for the benefit of our customers; and
- to recommend products and services we think you will be interested in. We do this in accordance with our legitimate interest to carry out direct marketing to our customers and, where we use your health data, email or other digital channels, only with your explicit consent.
5. How we share your personal data
We will not rent, sell or otherwise share or disclose your personal data, except as described herein or otherwise stated at the time the data is collected. We may share your personal data with affiliated companies within Demant Group in order to deliver, enhance and develop our products and services. Please refer to the organizational chart in our latest annual report to see which companies are part of Demant Group. You can find our latest annual report at demant.com.
We may share your personal data with our service providers for tasks such as:
- assisting us with administering or troubleshooting our website;
- assisting us with the supply or design of our products or with our business administration;
- assisting us with our marketing campaigns;
- operating our call centers; or
- providing us with electronic or physical storage services or systems.
We will only share your information in these circumstances, if it is necessary in order for our service providers to perform the service for us. These service providers are not authorized to keep or use your personal data for any other purposes, and they will always be under an obligation to keep your personal data safe and confidential.
We may disclose your personal data to selected third parties such as law enforcement agencies, regulatory authorities and our professional advisors if we are under a duty to do so in order to comply with any legal obligation, or if it is in our legitimate interests.
6. Transfer of data to third countries
In order to deliver our products and services to you, we may share your personal data with affiliated companies in Demant Group and our services providers located throughout the globe.
If we process your Personal Data outside the country in which it was collected, we will implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the relevant Data Protection laws including ensuring the protection of the rights of the data subject. The transfer of personal data is based on the EU Commission’s standard contractual clauses, which the EU Commission finds provide adequate guarantees for the protection of privacy, basic rights and liberties, as well as for exercising the associated rights.
7. How long do we keep your personal data?
We will keep your personal data for as long as we need to for legitimate legal or business reasons, including to comply with any regulatory obligations. We will delete your personal data, when it is no longer required in relation to the purpose for our collection, processing and storage of your personal data. We will store personal data that we are obliged to keep in accordance with the law.
If you would like more detailed information about our retention policy, please contact us by using the contact points above.
We have put in place appropriate technical and organizational measures to protect your personal data against unintended loss or amendment, against unauthorized disclosure and against unauthorized persons accessing your personal data.
Should a breach of security occur, we will inform you as soon as possible, if the breach may result in high risk to your rights e.g. theft of ID, discrimination of you, loss of reputation or other significant inconvenience.
9. Your privacy rights
You have the right, at any time, to request information about the Personal Data we are processing about you, where the data is collected from, and what we are using it for. You also have the right to know how long we will keep your personal data and who we share your data with. If you request so, we can give you details (and a copy) of the personal data we hold about you. Your access can be restricted to ensure other people’s privacy protection, trade secrets and intellectual property rights.
You may also have the right to data portability. If you think the Personal Data we are processing about you is inaccurate or incomplete, you have the right to request correction. Please contact us and let us know how to rectify your information.
In some instances, we are obliged to delete your personal data. This might be the case if you withdraw your consent. If you believe that your personal data is no longer necessary in accordance to the purpose for which we collected them, you are entitled to request their deletion. You can also contact us if you believe that your personal data is being processed contrary to applicable law or other legal obligations.
We will investigate if the conditions are fulfilled, when you make a request of having your personal data rectified or erased. If so, we will carry out the amendments or deletion as soon as possible.
You have the right to object to our processing of your Personal Data. You can contact us at the contact points outlined at the top of the privacy notice if you want to submit an objection. If your objection is justified, we will ensure the termination of the processing of your personal data.
You can opt-out of receiving marketing material at any time by contacting us at the contact points outlined at the top of the privacy notice.
10. Right to lodge a complaint
If you have a concern in relation to how we use your data, please let us know, and we will investigate and reply to your queries and if necessary, take steps to ensure our practices are consistent with our obligations. If you are still not satisfied with the way we use your data, you have the right to lodge a complaint with the national data protection authority in your country of residence or work.
11. Children’s privacy
Our website is not intended or designed to collect personal data about children under the age of 13. We do not intentionally collect personal data from any person we know to be under the age of 13.
12. Third party websites
Our website may contain links to websites of other companies and organizations. This privacy notice does not apply to such third-party sites, and we suggest that you contact those third-party sites directly for information on their data collection and distribution policies.
13. Changes to the privacy notice
We may update this notice from time to time by publishing a new version on our website. Where relevant, possible and appropriate, you will be notified by email.
This privacy notice was updated on 12/15/2020.