In accordance with the provisions of the law governing these Terms, access to the MESI mRECORDS and Services is limited to persons over 18 years of age, that have the legal capacity to enter into a binding contract.
Therefore, when registering on MESI mRECORDS or/and using Services, you expressly state and ensure that you fulfil this requirement and otherwise accept the consequences if they arise. If you are unable to comply with the conditions laid down in this chapter, please do not register at MESI mRECORDS and use Services.
In accordance with the provisions of the law governing these Terms, MESI is committed to limit access to MESI mRECORDS and Services to medical professionals who are qualified to meet all of the requirements demanded by their profession in the country in which they pursue this profession. Therefore, by registering on MESI mRECORDS, you expressly state and guarantee that you meet this requirement and accept the consequences that may arise if otherwise.
To access to MESI mRECORDS and Services, MESI offers a registration system that will manage registries’ personal information and create customized access with a username and password.
How does it work?
Once registration is completed by the User or the HCP, access to MESI mRECORDS Services are enabled through the MESI mRECORDS. Both the User and the HCP may customize the profile by using the user settings. By registering as a User or HCP you will allow MESI to use your data once it has been dissociated from you, and it cannot be associated with you as you always remain anonymous along with the aggregated anonymous data from other registered Users or HCP. Both HCP and Users, through the MESI mRECORDS respectively, may enter, access, modify, correct, update, or cancel their profile information and reject the processing of their data. Additionally, MESI mRECORDS provides to Users and HCP an intermediary service between the two in which, through the MESI mRECORDS, the User can communicate, advice, monitor and access data from HCP who have accepted him/her invitation to be their HCP in his/her working group.
Data Protection general information and Consent
Provisions of Data Protection in these Terms apply to the MESI mRECORDS and Services. Existence of file: In compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016), MESI hereby informs the Users and HCPs that their personal data and other information provided through the registration form and during the download, installation or use of the MESI mRECORDS and Services shall be administered in the European Union, when intented or users in the European Union, or in Commonwealth of Australia, when intended for users in the Commonwealth of Australia. Under conditions set in this Terms responsibility of data processing is MESIs, located at Leskoškova cesta 11A, 1000 Ljubljana (Slovenia) with tax ID number SI67221998. MESI confirms that this file has been notified and registered in the Slovenian Data Protection Agency, and MESIs data protection officer is Andreja Mrak (firstname.lastname@example.org). The right to access, rectify, challenge, and cancel the data through the MESI mRECORDS account and using MESI mRECORDS Services may be exercised in writing to the email email@example.com or to the address Leskoškova cesta 11A, 1000 Ljubljana (Slovenia). Obligation to provide information: All data fields on the registration form are required for registration. Failure to communicate such data makes it impossible for MESI, to determine if the Services offered on the MESI mRECORDS can be used by the User and the HCP, as it is impossible for the User to use the MESI mRECORDS and Services as it was intended to be used. Purpose and Consent: By voluntarily providing personal data, and completing and submitting the registration form for the User and HCP, or to use the MESI mRECORDS Services, and by clicking on the corresponding checkbox, the User and the HCP give their express consent for MESI to process their personal data in order to manage the use of the MESI mRECORDS Services and MESI mRECORDS, or functionality of its devices, and to receive information or news related to the MESI mRECORDS and Services by any means, including electronic emails, unless specified otherwise by law. Statistics Report: Please note that MESI mRECORDS may use the data provided by the Users and HCP through the registration in order to draw general conclusions based on these data and statistical reporting to improve Services. In preparing these reports, the data will be in an aggregate form so it will always be used anonymously and without any elements that identify the User or HCP who provide such data. Therefore, no identification data such as email account, first name and last name of any User or HCP will be included in these statistical reports.
»Personal Information« for the purposes of these Terms means information that identifies you as registered User or HCP, such as your name, position and profession at health organization, address, phone number, fax number or email address. MESI do not consider Personal Information to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual. MESI collect Personal Information when you register, communicate with MESI through customer support or by sending a feature request.
Through the MESI mRECORDS and Services, you can collect and store Health-related information, which you can then share with other HCP for the benefit of patient treatment process. In any case, the User's personal data will not be disclosed or transferred by any party other than their HCP on the MESI mRECORDS under the terms listed above without the User's express prior express, unless otherwise specified by law. The HCP may only use the User's data who has selected them as their HCP in order to be able to follow up and monitor the User, and give the advice they consider most appropriate for the period that the User decides. With the acceptance by the HCP of the User's invitation to be their HCP, the HCP is expressly authorized for the assignment of personal data for the MESI for the purpose of using MESI mRECORDS and Services provided through it, consisting of: e-mail of the HCP (which, in any case, this HCP has provided to the User prior to the User sending them the invitation freely, voluntarily, and optionally without any intervention from MESI), their first name and last name, the User who invited them to be their HCP and has agreed to be their HCP, position and profession at health organization for the purpose indicated in this paragraph. Users may have as many HCP as they want, if, in turn, the HCPs they invite accept their invitations. Unless otherwise specified by law, the HCP personal data will not be given or transferred by MESI to any party other than the User who invited them to be their HCP (and whose invitation has been accepted), without the express prior consent of the HCP personally. At any time, the User and the HCP may terminate their relationship with MESI by using one of the options that is available to both in their configuration panels. From that moment that the HCP or the User decide to end their relationship through the MESI mRECORDS, the person that the User designated as their HCP will immediately cease to access the data provided by the User to MESI, and the User will no longer have immediate access to the data stored with their HCP in MESI mRECORDS. Both the User and the HCP may disengage other Users and HCP, respectively, at any time.
Additionally, MESI mRECORDS provides to User and HCP an intermediary service between the two in which User and HCP can collect, process and store Health-related information about their patients. MESI mRECORDS Services will allow you to synchronize Health-related information in a secure environment to make and keep a backup copy so you can store and retrieve your data at any time and from any device that lets you do so, unless you decide not to. Once MESI mRECORDS Services are used and User do not choose not to synchronize Health-related information in a MESI mRECORDS, MESI acts as the Processor on behalf of a User as the Controller for storing and backup copy purposes of such data, unless otherwise expressly determined by Cooperation Agreement between the User and MESI. However, MESI does not own any of such Health-related information or information collected or shared between the Users and HCP. Thus, any Health-related information provided by the Users or the HCP belong exclusively to them, unless expressly provided otherwise in these Termes. Despite the fact that MESI does not own any of such data, the company has applied all the measures required for the »high-security-level-files« by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, in order to grant the protection of the data and information of the Users and HCP when MESI is acting as the Processor on behalf of a User as the Controller.
MESI has applied all the measures required for the »high-security-level-files« by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, in order to grant the protection of the data and information of the Users and HCP and Health-related information. MESI ensures absolute confidentiality and privacy of Users and HCP personal data, and when acting as Processor for Health-related information data storage, and has therefore adopted essential security measures to prevent alteration, loss, treatment or unauthorized access to guarantee its integrity and safety, and has especially taken the measures provided for this in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of personal data. However, MESI is in no way liable for any incidents that may arise with respect to personal data that derive either from an attack or unauthorized access to systems that is impossible to detect by the security measures implemented. MESI also exercise no control over how your information is stored, maintained, or displayed by third parties that you have shared yours, and/or also Health-related, data with.
Based on and in accordance with these Termes, MESI shall, unless otherwise expressly determined by Cooperation Agreement between the User and MESI, – as the contractual data Processor, on behalf and for the account of the User as the Controller – perform the tasks laid down herein and relating to personal data storing (hereinafter: the Contractual Processing) and shall consequently be explicitly obliged to implement the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and other regulations in the area of personal data protection, which the MESI and User undertake to observe when processing, that is storing, personal data. By registering and synchronizing Health-related information about their patients, User permits the MESI to perform Contractual Processing of patients personal data: name, surname, date of birth, sex, address, telephone number, email, race, ID - unique identifier under which they are kept at the User or HCP institution, photograph of the patient and photographs of the disease, wounds and description of the disease, wounds, data of measurements (ECG, blood pressure, SPO2, spirometry, ABI, TBI) and other data entered as part of the measurement preformed through Services;
all in the manner and within the scope required for storage and backup purposes of Health-related information of his patients or the exercise or fulfilment of the mutual rights and obligations under these Termes.
For the purposes of personal data processing in accordance with these Terms, data processes in the manner and under the conditions of these Terms shall be retained until the time of the withdrawal of consent, unless the interests or the fundamental rights and freedoms of the data subject prevail or the law prescribes otherwise (e.g. until the completion of judicial proceedings for the recovery of unpaid liabilities or until the realization of the purpose for which they were collected as in cases of providing technical support to the User or HCP).
MESI may not and does not process personal data for any other purpose that is not defined herein or is not based on these Terms or the exercise/fulfilment of the rights and obligations of the Controller and Processor hereunder, unless provided otherwise by the applicable legislation.
Shall always be responsible for the legality of the processing of communicated data which is performed in accordance with these Terms, within the scope of the exercise/fulfilment of the mutual rights and obligations hereunder or based on the instruction in accordance with these Terms, while the Processor shall only be responsible if this is necessary for the assurance of the security of personal data that are communicated to it for the purposes of Contractual Processing under this chapter.
Gives explicit consent to the Processor to continue cooperating with the contractual partner for data storing with whom it has a contract on the date of signing: Microsoft Ltd. for the Azure brand.
Hereby issues its explicit consent or general written consent for the Processor to engage additional subcontractors without prior consent. The Processor must inform the Controller of all intended changes regarding engagement of additional subcontractors, which allows the Controller to object to such changes.
Taking into account the current state of the art in technology, costs of implementation, nature, scope, circumstances and purposes of processing as well as the probability and severity of the risks for data subjects, it must implement technical and organizational measures for the protection of personal data against unauthorized or illegal processing or accidental loss, destruction or damage.
It must itself erase the communicated personal data after completing their processing in accordance with the purpose referred to in this chapter, unless it orders the Processor to do so or unless stipulated otherwise by applicable legislation.
Must ensure that the persons authorized for personal data processing have undertaken to safeguard confidentiality or that they are obliged to such by the relevant law.
Taking into account the current state of the art in technology, costs of implementation, nature, scope, circumstances and purposes of processing as well as the probability and severity of the risks for data subjects, it must implement technical and organizational measures for the protection of personal data in the scope required by legal provisions applying to it, i.e. especially against unauthorized or illegal processing or accidental loss, destruction or damage as follows:
premises in which personal data are located shall be protected with an alarm, video surveillance, or access control; they shall be locked outside business hours, while they shall be protected by the presence of employees during business hours, whereby access rights of employees are regulated according to their powers; fire protection shall be ensured with an automatic sprinkler system; and protection against water spillage and air conditioning shall be ensured; the replication system of the primary server system at a remote location that ensures the availability of data even in the event of a failure of operation at the primary location shall be ensured;
the processes of personal data processing are performed in the business premises of the contractual processor, and the data storage itself in the system rooms at the contractual partner of Processor for storing of Microsoft Ltd. for the Azure brand.
systems and application software, data carriers and the transmission of data over telecommunications networks shall be protected with a system of passwords for authorization and user identification as well as limited by the obligation to register subject to the location or country for each domain; personal data carriers shall be stored in secured premises; by pseudominizing personal data during their storage; sensitive personal data shall be protected during transmission over telecommunications means and networks so as to ensure they cannot be read or recognized (by encryption and / or anonymization); security inspections of the software shall be performed; and access to data in electronic format shall be protected with a password at the level of the operating system and the level of the application;
integrity (immutability) and confidentiality of data shall be ensured through the personal accountability of employees, the confidentiality of data and limited employee authorizations for access to the data, employee education and training about personal data protection, and the obligation of employed workers to sign an explicit statement on the non-disclosure of personal data content; employees of the contractual partner Microsoft Ltd. for the Azure brand, however, they do not have the right to access the data, or their usernames are deactivated and are activated only in the event of troubleshooting that the processor would not be able to perform independently (the rights are specified in more detail in the processor's internal rules).
written documentation shall be located in a locked cabinet while written documentation containing sensitive personal data shall be sent via registered post or via e-mail in encrypted and electronically signed form;
data accessibility or availability shall be ensured through regular archiving, anti-virus programs and backup; a copy of the data stored by the processor is located at a remote location, live data is in electronic form;
the 5 years (time, date, performer) traceability of all operations performed on data shall be ensured with audit trail as well by ensuring the traceability of the transmission of data to third parties and on what legal basis)
it shall also comply with other mandatory requirements laid down by the legal provisions governing personal data protection.
Processor may only cooperate with the subcontractors with which it has suitable agreements or arrangements concluded as at the date of the reception of the notice of the positively assessed application on joining the Campaign or request for participation, whereby the agreements or arrangements bind the subcontractor to observe the conditions applying to personal data processing and stipulated in these Terms.
Declares that it cooperates only with the contractual partner for data storing Microsoft Ltd. for the Azure brand, and with which it has concluded relevant agreements on the day of signing, that the contractual partner complies with the conditions and conditions for the processing of personal data from these Termes.
In the event of a planned replacement of a subcontractor, the Processor must inform the Controller thereof and thus enable the latter to submit a written statement regarding any objection to such a replacement within five (5) business days.
It must keep documentation relating to the activity of personal data processing which is required in accordance with the provisions of the regulations governing data protection such as traceability of processing and record of processing activities.
In the event of any violation of personal data security hereunder, it must notify the Controller thereof immediately, but no later than within two business days of learning about the violation.
As far as this is possible, it must provide the Controller with reasonable assistance (using suitable technical and organizational means) in the fulfilment of its obligations to respond to the requests of data subjects provided such requests relate to the exercise of their rights laid down in relevant legal provisions. The Controller shall bear or be liable for any reasonable costs resulting from such assistance.
Taking into account the nature of processing of communicated personal data and in the scope related to the implementation of these Terms, it must assist the Controller in the fulfilment of the latter's obligations laid down by the legislation in relation to the protection of communicated personal data. If such assistance represents significant costs for the Processor, it shall have the right to receive adequate compensation from the Controller in accordance with the market rates applying to such services.
Exclusively within the scope related to the implementation of these Terms, it provides the Controller with access to the information that is reasonably required to prove that it has fulfilled the obligations laid down by the legislation governing personal data protection. It must also enable the Controller or auditor authorized by the latter to perform an audit once a year, i.e. in the scope relating to personal data processing under these Terms. If such assistance represents significant costs for the Processor, it shall have the right to receive adequate compensation from the Controller in accordance with the market rates applying to such services.
In the event of the termination it must immediately cease processing the personal data of the Controller (the Processor must delete all personal data and immediately destroy any copies, and it is the Controllers responsibility to itself erase the communicated personal data before that Processor delete its), unless provided otherwise by applicable legislation. It may exceptionally process them solely for the purpose of completing the operations started in accordance with these Terms which it is obliged to provide.
It must process personal data only based on the documentary instructions of the Controller (including the transfers of personal data to a third country, etc.), unless provided otherwise by applicable legislation. If the Controller requests the Processor to follow the instructions for processing despite the Processors notification that such an instruction violates applicable data protection regulations, the Controller shall be liable for the subsequent processing in accordance with such instructions.
If the Processor fails to act in accordance with the provisions of this chapter and this results in the risk of destruction, alteration, loss or unauthorized processing of personal data, the Controller must caution it of this and set a new deadline for the elimination of irregularities. If the Processor fails to act in accordance with the Controllers request, the Controller may withdraw from or terminate cooperation with the Processor without a notice period.
MESI mRECORDS website uses automatic data collection systems, not directly provided by the User and the HCP, such as cookies. Cookies are files that are installed on the hard drive of the User's and the HCP's devices, or in the memory on the default browser pre-configured in the computer's operating system, to identify User or HCP. While it does not contain intelligible information, it associates the User's and HCP's identity with personal data that they leave on the website. Cookies are located on a MESI mRECORDS server so that only MESI mRECORDS can process and/or manage the information collected and obtained through cookies - and exclusively only anonymously, and aggregated in order to optimize the Services of the MESI mRECORDS regarding the specific requirements and preferences of Users and HCPs expressed through their browsers. On entering the MESI mRECORDS website, the User and the HCP are giving their consent to install the aforementioned cookies on their hard disk.
Data Confidentiality and Business Secrecy
All data and information required using MESI mRECORDS and Services as well as specific knowledge used for implementation of these Terms, shall irrespective of the format of recording or data carrier on which they are located be deemed to represent a business secret between MESI, User or HCP. The publication of the abovementioned information and data, their photocopying, reproduction and other forms of processing and provision of access or handover to third parties shall be deemed to represent a serious violation of the provisions of these Terms.
Each contracting party is obliged to safeguard business secrecy both during and after cooperation under these Terms, i.e. irrespective of the reason for termination.
The provisions of this chapter shall – subject to the applicable legislation – also apply mutatis mutandis to data that are deemed internal, secret or confidential as well as personal, unless provided otherwise by these Terms. MESI, User and HCP shall be obliged to protect all data that are to be protected under this point pursuant to the applicable legislation, whereby they shall ensure protection that corresponds to their respective level of confidentiality. During the time they have such data in their possession, they shall especially not disclose them persons who are not authorized to access them. During their processing, they shall ensure their active and passive protection so that their security and non-disclosure are ensured, while they shall after the said period provide for their permanent and irreversible destruction, unless provided otherwise by the applicable legislation.
The provisions of this chapter shall not apply to the data the content of which was generally known prior to disclosure and which could be accessed by anyone without any obstacles, unless provided otherwise by the applicable legislation. This shall however apply solely when their re-disclosure does not cause any damage, including loss of reputation or goodwill, to MESI, User or data subjects.
MESI does not provide any legal, medical, or psychological advice, diagnoses, or treatment. Therefore, you assume full risk and responsibility for your use of information obtained through the MESI mRECORDS and Services. You acknowledge that all of the information and content in the MESI mRECORDS and Services is for informational purposes only and is not intended to replace the professional opinion.
MESI is not a licensed medical care provider and have no expertise in diagnosing, examining, or treating medical conditions thereby MESI does not give medical, legal, or psychological advice, diagnoses, or treatment. The MESI mRECORDS and Services may provide helpful Health-related information, but it is not intended to substitute for professional advice, diagnoses, or treatment, or your judgment. »Health-related information« for the purposes of these Terms means all individually identifiable health information, including information related to an individual's physical or mental health.
MESI owns or has rights to all of the content in the MESI mRECORDS and Services (hereinafter: MESI mRECORDS Content), excluding User Health-related information, which belongs exclusively to the User and HCP, as stated in Clause 4.3. The MESI mRECORDS Content include: designs, text, graphics, images, video, information, logos, button icons, software, audio files, computer code, and other MESI mRECORDS content. All MESI mRECORDS Content and the compilation (meaning the collection, arrangement, and assembly) of all MESI mRECORDS Content are the property of MESI or its licensors and are protected under copyright. For this reason, the User and HCP shall refrain from reproducing, adapting, combining or integrating into other applications, arranging or otherwise handling or transforming, and from publicly communicating or publishing the MESI mRECORDS Content. MESI is committed to respecting the rights of industrial and intellectual property of others and expects Users and HCP to act in a similar manner. According to the law in effect at the time, MESI responds promptly to claims for infringement on industrial or intellectual property rights that are allegedly committed by Users or HCP on the MESI mRECORDS or Services. Such claims shall, where appropriate, be notified to the appropriate authorities. MESI reserves the right to use anonymous contributions made by all Users or HCP in the testimonial area, or post on the MESI mRECORDS, in order to promote the Services offered through the MESI mRECORDS by, but not limited to, the insertion of advertisements in different media or publishing books. MESI reserves the right to remove any content that Users or HCP place on website, if has actual knowledge that the activities in such websites, or content thereof, are illegal or violate the rights of others, or if it is required to do so under a court order, arbitration award, or administrative order. Is completely forbidden and MESI reserves the right to remove (with their absolute discretion) any content posted by a User or HCP on the MESI mRECORDS, that infringes industrial or intellectual property of others, or is contrary to the law, morality or public order.
If you submit to MESI any information relating to MESI mRECORDS, Services or other products or services by any means, such as through customer support by any communication channels, or other personnel, such information is not governed by these Terms applicable for that information channel, and automatically become MESIs property without any obligation, and you are not entitled to any accounting, compensation or reimbursement of any kind from MESI under any circumstances.
Disclaimers, Limitations and Prohibitions
These Terms will continue to apply until terminated by either you or MESI in accordance with the following provisions:
If you want to resolve your relationship with MESI, you may do so by notifying MESI at any time or by canceling your MESI mRECORDS account. Your notice should be sent in writing to the email firstname.lastname@example.org,
MESI may resolve your legal relationship with you at any time if: (i) you breach any of the clauses in these Termes, (ii) MESI is required by law, (iii) MESI no longer provides Services to Users and HCP within the User's country of residence or the country in which the HCP practices their profession or the country in which the User uses the Services.
Services or the provisions set forth in these Terms may be updated or changed from time to time. A link to the most current Terms will be available on the home page of the MESI mRECORDS https://mrecords.mesimedical.com/register/terms/web and the date of the »Latest Update« at the bottom of the Terms will be indicated. Changes take effect immediately upon posting. You are held responsible to visit this page periodically to review the most current Terms. Your continued use of the MESI mRECORDS Services following the posting of such changes constitutes your acceptance of the amended Terms. Without limiting the foregoing, if a change to these Terms that materially affects your use of the Services, notice about it may be posted or you will be notified via email or on the home page of the MESI mRECORDS of any such change. The most current version of the Terms shall govern and supersede all previous versions.
In case of modification, change or termination of any of the content in these Terms under sentence or judgment given by a competent court or under an award made by an arbitrator or by a court of arbitration, the other content that have not been modified, changed, or resolved remain in force and shall be valid for both parties.
No waiver and severability
MESIs failure at any time to require performance by you of any provision of these Terms shall in no way affect its right to enforce such provision, nor shall the waiver of any breach by you of any provision herein constitute a waiver of any succeeding breach or the provision itself.
If any provision of these Terms is deemed invalid or unenforceable, then that provision shall be construed to the extent necessary to make it valid and enforceable in such a manner as comes closest to preserving the intentions of such provision, and the remaining provisions shall remain in full force and effect.
Governing law and jurisdiction
Contact us if you have any privacy or personal data questions or concerns
If you have privacy or personal data concern or questions send an e-mail to email@example.com.
Date of last revision of these Terms (»Latest Update«):01.12.2020.