Privacy Notice

Data controller and data processor

Medeloop serves as the data processor for most information entered into the Medeloop website and supporting systems, acting on behalf of its customers who serve as the data controllers. However, Medeloop also collects certain information directly from users for security, logging, and website performance purposes, where it acts as the data controller and processor. Medeloop may engage third-party sub-processors (as detailed below) to support its operations. If you have any inquiries about the processing of your personal data, please contact us using the contact information provided in this privacy notice.

Personal information we collect

Information you provide to us

• Contact data, such as your first and last name, salutation, email address, and professional title and company name.
• Communications data based on our exchanges with you, including when you contact us through the Service or otherwise.
• Research data, such as the research institution with which you are affiliated, and the nature and type of research being conducted.
• Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Automatic data collection

We, our service providers, and our business partners may automatically log information about you, your computer, and your interaction over time with the Service, our communications and other online services, such as:

• Online activity data within the website, such as pages or screens you viewed, how long you spent on a page or screen, and access times and duration of access.

Cookies and similar technologies

Some of the automatic collection described above is facilitated by the following technologies:

• Cookies, which are small text files that websites store on user devices and that allow web servers to record users' web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both "session cookies" that are deleted when a session ends, "persistent cookies" that remain longer, "first party" cookies that we place and "third party" cookies that our third-party business partners and service providers place.
• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How we use your personal information

Service delivery and operations

We use your personal information to provide, operate, and improve the Service; communicate with you about the Service; and provide customer support.

Service improvement and analytics

We use personal information to understand how users interact with the Service, monitor and improve the Service and our business, and develop new products, services, and features.

Compliance and protection

We use personal information to comply with applicable laws and regulations; protect our rights, privacy, safety, or property; conduct audits; enforce our terms and policies; and prevent fraudulent, harmful, unauthorized, or illegal activity.

With your consent

In some cases, we may specifically ask for your consent to process your personal information. Where we rely on consent as the legal basis, you have the right to withdraw consent at any time.

Aggregated and de-identified data

We may create aggregated, de-identified, and/or anonymized data from personal information we collect. We may use and disclose this aggregated, de-identified, and/or anonymized data for any purpose, including for research and marketing purposes.

Cookies and similar technologies

We use cookies and similar technologies for the technical operation of the Service, to provide additional functionality, and for analytics and measurement purposes.

Legitimate Interests

Where we process your personal information based on our legitimate interests, we balance those interests against your rights and interests and ensure that we do not process your personal information in a way that is unduly prejudicial to you.

Retention Time

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide the Service to you
• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records for a minimum period of time)
• Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations)

Processing Purposes

• Providing Services — delivering the core functionality you requested.
• Analytics — understanding how our Service is used and improving it.
• User Database Management — maintaining and managing user account data.
• Managing Contacts — managing our contact and customer relationship databases.
• Displaying External Content — showing content from third-party platforms.
• Hosting — operating infrastructure to deliver the Service.
• Contacting the User — responding to inquiries and sending relevant communications.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.

• Affiliates. Our corporate parent, subsidiaries, and affiliates.
• Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, and customer support).
• Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
• Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the purposes described above.
• Business transferees. We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in Medeloop, financing of Medeloop, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares). We may also disclose your personal information to an acquirer, successor, or assignee of Medeloop as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

Your rights

Users have the following rights regarding their personal data processed by Medeloop:

• Right to Withdraw Consent — where processing is based on consent, you may withdraw it at any time.
• Right to Object — you may object to processing based on our legitimate interests.
• Right of Access — you may request a copy of the personal information we hold about you.
• Right to Rectification — you may ask us to correct inaccurate or incomplete personal information.
• Right to Remove or Reject Cookies — you may adjust your browser settings to remove or refuse cookies.
• Right to Restrict Processing — in certain circumstances, you may ask us to restrict processing of your personal information.
• Right to Erasure — you may ask us to delete your personal information in certain circumstances.
• Right to Data Portability — you may request your personal information in a structured, commonly used format.
• Right to Lodge a Complaint — you have the right to lodge a complaint with a supervisory authority.

To exercise these rights or obtain further information, users can contact Medeloop using the contact details provided in this document.

Other sites and services

The Service may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites and online services you use.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. We follow industry best practices and standards to ensure the confidentiality, integrity, and availability of your data. Our security measures include but are not limited to:

• Encryption — data is encrypted in transit and at rest using industry-standard protocols.
• Access Control — access to personal information is restricted on a need-to-know basis.
• Regular Audits — we regularly review and test our security controls.
• Employee Training — our staff receive regular training on data protection and security practices.

International data transfers

Medeloop may transfer your personal data to countries outside your own. Where required by law, we ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by the relevant regulatory authorities. For more information about our international data transfer practices, please contact us using the details provided below.

Children

The Service is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will promptly delete that information. If you believe we have collected information from a child under 18, please contact us immediately.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Service and our business.

How to contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us: