Cookies on mRECORDS
The site uses cookies for better user experience. By using our website, you acknowledge that you agree with them.
PRIVACY POLICY
MESI mRECORDS
Protecting your privacy is very important to us. This Privacy Policy (the policy) contains information about the processing of personal data collected through the use of the services we provide to registered users of the https://mrecords.mesimedical.com/ website, the MESI mTABLET software (the MESI mTABLET) and the MESI mTABLET information technology services (the MESI mTABLET services or the services), offered through devices that allow access to the internet and a browser, and when contacting us.
We reserve the right to modify the information provided in this Privacy Policy without prior notice. The current applicable version is published on this page.
1. Identity and contact information of the controller
MESI, Ltd. Leskoškova cesta 11A, 1000 Ljubljana (hereinafter: MESI)
Phone number: 00386 (0)1 620 34 87
Email address: info@mesimedical.com
2. Contact details of the Data Protection Officer (DPO)
Email address: dpo@mesimedical.com
3. Privacy Notice
This Privacy Notice applies to all registered users of the MESI mTABLET and the MESI mTABLET Services, whereby only legal entities with legal capacity and natural persons of legal age may register, provided that they meet all the requirements for practising the profession of health care professionals in the country in which they practise this profession (the registered user).
Each registered user can create their own workgroup via MESI mTABLET and invite other health care professionals to join. This Privacy Notice also applies to all healthcare professionals who have accepted an invitation from a registered user and who are members of the registered user's workgroup (workgroup members).
A registered user and a member of a workgroup may access, manage, or refuse the processing of personal data in their profile using the user settings, and a registered user may also access, manage, or refuse the processing of data of members of their workgroup.
To access and manage your data, please visit https://mrecords.mesimedical.com/login/ and for corrections or answers to other questions, please contact info@mesimedical.com.
4. The purposes for which personal data are processed and the legal basis for processing
Personal data is any information relating to an identified or identifiable individual and means, for the purpose of this policy, information that identifies you as a registered user or member of a workgroup. Data that have been anonymised in such a way that they do not allow the identification of a specific individual are no longer considered personal data.
All personal data will be collected, processed, and used in accordance with the applicable provisions of this policy, particularly for the purpose of providing the services you have subscribed to and for handling your requests.
4.1. Where consent for the processing of personal data is obtained from the data subject, Article 6(1)(a) of the GDPR applies as the legal basis: when you consent to receive personalised newsletters or to the setting of cookies.
4.1.1. Newsletter
We regularly update you on our latest offers by e-mail. You can subscribe to our newsletter for this purpose. By signing up to our newsletter, you will receive information about our various products, current and upcoming promotions and offers, surveys and other indispensable items for everyday life. We use your e-mail address to send you newsletters, specifically to inform you about our offers. The application process is double opt-in. After registering, you will receive an e-mail asking you to confirm your registration.
The processing of data in connection with our newsletter is carried out in accordance with Article 6(1)(a) of the General Data Protection Regulation. You can withdraw your consent to receive our newsletters at any time by clicking on the unsubscribe link at the end of each newsletter we send you. For technical reasons, it may take a few hours for the unsubscription to take place, so you may as an exception still receive our newsletter in the meantime.
4.1.2. Cookies
Cookies are small text files that are stored on your computer or mobile device by the websites you visit. When you visit https://mrecords.mesimedical.com, only cookies that are strictly necessary for the operation of the website are installed. Cookies that are not strictly necessary for the operation of MESI mTABLET or the services are not used and are only activated after your explicit consent has been obtained by selecting the type of consent and clicking on "Save setting" or "Accept all". In the latter case, cookies will only be installed on your browser and their use accepted with your explicit consent.
Cookies can also be used to store, with your consent, the settings you have chosen on your previous visit, such as language, font size and other settings you have set on your computer or mobile device to view the site, so that you do not have to set them again each time you visit. We only use such cookies with your explicit consent. The cookies used on https://mrecords.mesimedical.com are described below in section 4.1.2.2. "Overview of cookies at https://mrecords.mesimedical.com".
Most web browsers automatically accept cookies. If you wish to withdraw your consent, you can deactivate tools for which you have previously provided your consent by adjusting the settings of your browser or mobile device accordingly. You can change the way your web browser works in your settings so that your computer or mobile device refuses cookies or you receive a warning before a cookie is stored. You can also prevent the installation of cookies in your browser completely for all websites you visit. You can delete cookies that are already stored on your computer or mobile device.
4.1.2.1. Cookies for marketing and personalisation
Marketing tools are used to collect and evaluate data to analyse visitor behaviour in order to provide a better user experience. They are usually used to find out where visitors are coming from and which areas of our website they are accessing. This is a type of personalised marketing strategy, as it includes personalised targeted advertising. By integrating analytics tools, we try to improve and continuously optimise the website for visitors.
4.1.2.2. Overview of cookies at https://mrecords.mesimedical.com
|
Cookie type |
Cookie name |
Provider |
Country |
Validity |
Purpose |
|
essential |
mcloud_access_token(mRECORDS) |
MESI |
EU |
1 day |
functional |
|
user(mRECORDS) |
MESI |
EU |
1 day |
functional | |
|
PHPSESSID(mRECORDS ) |
MESI |
EU |
Session |
functional | |
|
register_user(mRECORDS) |
MESI |
EU |
Session |
functional | |
|
Language(mRECORDS) |
MESI |
EU |
1 year |
functional | |
|
Cookies_alert(mRECORDS) |
MESI |
EU |
1 year |
functional | |
|
mcloud_access_token_2fa_temporary (mRECORDS) |
MESI |
EU |
5 minutes |
functional | |
|
ARRAffinity (mRECORDS) |
MESI |
EU |
Session |
functional | |
|
ARRAffinitySameSite (mRECORDS) |
Azure |
EU |
Session |
functional | |
|
user(mRECORDS) |
MESI |
EU |
1 day |
functional | |
|
marketing and personalisation |
ph_D14-mavSM_JTzyDcB0wITfXTEReqv78Tmionmf9EvUk_posthog (Posthog) |
MESI |
EU |
Session |
Statistics |
4.2. For the processing of personal data necessary for the performance of a contract to which a data subject or a registered user and a workgroup member is a party, Article 6(1)(b) of the GDPR applies as the legal basis: when you open a MESI mRECORDS user account, or when you use the MESI mTABLET services.
4.2.1. User account
When you register for a MESI mRECORDS user account, personal data relating to your use of MESI mTABLET and the services is processed on a contractual basis in accordance with Article 6(1)(b) of the GDPR.
Without the mandatory information, a user account cannot be created and, consequently, cannot be opened.
Where the processing of data is necessary to fulfil your order or request, we keep the data until the expiry of the warranty, guarantee, and limitation periods, otherwise for the duration of the contractual relationship, i.e. for as long as you have an account.
4.2.2. MESI mTABLET services
For registered users, we also publish forms for support, presentations, purchases, and other enquiries. All mandatory personal data on those forms are be collected, processed, and used to process the requests of such a user or member.
This involves the processing of personal data necessary for the performance of a contract to which the data subject is a party (Article 6(1)(b) of the GDPR): when you fill in the report or the mandatory data contained therein. This also applies to processing operations necessary for the performance of measures which are necessary prior to the conclusion of the contract itself. Without the mandatory information, it would not be possible to process your request.
Where data processing is necessary for the fulfilment of your request, we keep the data until the expiry of warranty, guarantee, and limitation periods. In this case, your data will be kept for seven years for warranty claims or claims relating to material defects. For other enquiries, your data will be kept for three months.
In order to be able to handle your requests in a timely and professional manner, we rely on the expertise of our distributors and contract partners for product enquiries and complaints. For distributors and contractual partners, the transfer of data to a third country outside the European Union cannot be excluded if the claim will be enforced in the third country in question. If, due to the very nature of the complaint, this will not be possible without disclosure of personal data to distributors and contractual partners, MESI will only disclose the personal data of individuals to distributors and contractual partners with whom it has concluded a contract pursuant to Article 28 of the GDPR and to the extent necessary to resolve the individual claim.
4.3. If the processing is necessary for the fulfilment of a legal obligation to which MESI is subject, Article 6(1)(c) of the GDPR applies as the legal basis: for the transfer of device data to agents in the respective countries for the purpose of ensuring the vigilance of medical devices.
4.4. If the processing is necessary for the legitimate interests pursued by MESI or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) of the GDPR applies as the legal basis for the processing of: log files or when you are contacted by telephone, e-mail or contact forms published on https://mrecords.mesimedical.com.
4.4.1. Log files
When you access or use MESI mTABLET and use our services (e.g. your https://mrecords.mesimedical.com user account), information about this action is collected in a log file (logfile). In particular, the following set of data is stored for each access:
-IP Address,
-name of the opened file,
-date and time of access,
-amount of data transferred,
-notification of whether access was successful,
-notification of why access may not have been successful,
-name of your ISP,
-your computer's operating system and web browser, if applicable,
-the website through which you visited our website.
We process log files for the purpose of ensuring the operation of the MESI mTABLET and its services, system stability, data protection and operational security, providing support and services, and for the protection of people and property, including the protection of business secrets and personal data.
Where data processing is necessary for the fulfilment of your request, we keep the data until the expiry of warranty, guarantee, and limitation periods.
4.4.2. Getting in touch
We can be contacted by phone and e-mail for messages and questions, or via the contact forms available at https://mrecords.mesimedical.com. In the case of telephone conversations, your personal data is only processed if this is necessary to resolve your request. The information collected in the course of dealing with your request by telephone or e-mail and the information marked as mandatory fields in the contact form is either needed by us or by our suppliers or contractual partners to process your request. Without the mandatory information, it would not be possible to process your request.
We process the data thus obtained in accordance with Article 6(1)(f) of the GDPR to protect our legitimate interests in ensuring the operation, quality assurance and process optimisation of our customer service, and to carry out communication with website visitors.
5. Is the provision of personal data a statutory or contractual obligation or an obligation necessary for the conclusion of the contract, does the data subject have to provide personal data, and what are the potential consequences if such data is not provided?
Provision of personal data:
-for the performance of the contract (Article 6(1)(b) of the GDPR), it is a contractual obligation;
-in relation to the performance of statutory obligations (Article 6(1)(c) of the GDPR), it is a statutory obligation.
If you do not want to disclose your personal data to us, we would not be able to sign a contract with you or exercise certain rights and obligations under the contractual relationship.
6. Users of personal data
(a) MESI employees
Your personal data is processed by the employer's staff within the scope of their job responsibilities and authorities and in line with the internal organisation and job classification for the performance of their duties in accordance with the regulations.
(b) External users:
We also share your personal data with certain third parties to:
-process your requests or to provide support, it may be necessary to transfer your personal data to a contractual partner or supplier or legal representative in the country in which you carry out your healthcare activities and, therefore, the request must be executed or supplied there;
-the cookie or hosting provider when you choose to use this service;
- courts, state authorities, and other public authority holders where they are entitled to obtain personal data on the basis of the law in the context of specific procedures (e.g. police, inspection and supervisory authorities, the Financial Administration of the Republic of Slovenia);
-auditors;
-banks or other payment organisations;
-other persons, provided that they have a basis for obtaining or processing the personal data by law or by a final court decision, or that you have given them your explicit consent.
All external users are obliged to comply with the applicable provisions on the protection of personal data in their relationship with MESI. For more information about our external service providers, please contact dpo@mesimedical.com.
7. Transfer of personal data to a third country or international organisation
Personal data is not transferred to international organisations or to third countries unless, in order to process your claims or to provide the services ordered, it is necessary to transfer your data to a contractual partner or supplier or legal representative in that third country in which you are carrying out your healthcare activities, in which case the request must be executed or supplied there. For more information on the safeguards in place, including their copies, please contact dpo@mesimedical.com.
Personal data of users and workgroup members provided through the registration form and during the download, installation or use of the MESI mTABLET and the services is stored and managed in the European Union when users are located in the European Union, or in the Commonwealth of Australia if users are located in the Commonwealth of Australia.
8. Existence of automated decision-making, including profiling
Automated decision making or profiling is not implemented.
If you have explicitly consented to receive personalised newsletters, profiling for the purposes of such marketing is carried out on the basis of your interests (e.g. scope and type of healthcare services). Your consent to customised advertising and marketing campaigns is not a condition of your use of the MESI mTABLET or the services.
If you have expressly consented to receive personalised newsletters, you have the right to object at any time to the processing of your personal data for the purposes of such marketing or to unsubscribe from receiving such newsletters, without any effect on the lawfulness of the processing of your personal data that was carried out on the basis of your consent until you withdraw your consent.
Data processed on the basis of your consent (Article 6(1)(a) of the GDPR) for the purpose of sending personalised newsletters will be stored until your consent is withdrawn, and in the event of a dispute, the data will be stored until the final resolution of the dispute.
9. Period of retention of personal data
The retention period depends on the legal basis for which we process personal data and the purpose of the processing. Your personal data will be kept only for as long as is necessary for the purposes for which they are processed.
In cases where you have given us your personal consent to process your personal data, we keep the personal data until your consent is revoked.
If the processing is necessary to fulfil your request, we keep the data until the expiry of the warranty, guarantee, or limitation periods.
We may, exceptionally, process your personal data for longer if required to do so by applicable regulations in the Republic of Slovenia and/or the European Union (e.g. regulations in the field of medical devices, accounting and taxes).
10. Rights of the data subject
Data subjects whose personal data is collected and processed by MESI have the following rights:
-the right to access data,
-the right to rectification of inaccurate and completion of incomplete personal data,
-the right to erasure of personal data,
-the right to restriction of processing of personal data,
-the right to data portability,
-the right to object to processing based on Article 6(1)(f) of the GDPR, including profiling.
The data subject whose personal data are collected and processed by MESI has the right to obtain from MESI access to, rectification or erasure of, or restriction of the processing of personal data concerning him or her, as well as the right to object to processing and the right to data portability. The individual's request is processed in accordance with the provisions of the General Data Protection Regulation.
You can also contact us directly at any time with questions or complaints. To ensure a prompt reply, you can contact us at the following e-mail address: dpo@mesimedical.com.
11. Consent and the data subject's right to withdraw consent
When the processing is based exclusively on your consent (Article 6(1)(a) of the GDPR), the existence of the right to withdraw consent at any time does not affect the legality of the data processing carried out on the basis of consent until its cancellation.
12. The right to file a complaint with a supervisory authority
In case of a violation of the legislation in the field of personal data protection, an individual can submit a report to the supervisory authority, which in the Republic of Slovenia is the Information Commissioner.
13. Terms of use of MESI mRECORDS
The use of MESI mRECORDS must respect the copyright, name, and trademark rights as well as other related rights of third parties. All content on websites is protected, including featured images, videos, fonts, and trademarks. The individual undertakes to refrain from any misuse of the content, whether for private or commercial purposes. You can find out more in the general terms of use.
Ljubljana, on 8.5.2023
