Update: 02, June, 2022
MEDICAL ELECTRONIC SYSTEMS DATA PRIVACY POLICY
Welcome to Medical Electronic Systems Limited (“MES”)’s Privacy and Data Protection Policy (“Privacy Policy”). At MES (“we”, “us”, or “our”) we are committed to protecting your privacy and personal data in compliance with the law and guidelines of the EU General Data Protection Regulation (“GDPR”). This document explains how we collect, process, and keep your data safe and also what are your rights with regards to your data.
Our contact details:
Medical Electronic Systems Limited
20 Alon Hatavor Street, Caesarea Industrial Park, Israel Zip code: 3088900
Email: support@yospermtest.com
Definitions:
- GDPR: The General Data Protection Regulation (EU) 2016/679 (GDPR)
- Personal Data: Information relating to an individual who can be directly identified. Personal Data includes factual information as well as expressions of opinion or intentions.
- Data Controller / Controller: The organization that determines the manner and purposes for which Personal Data is to be processed. In this case, MES.
- DPO: The Data Protection Officer, a person appointed to deal with all data-related matters. Our DPO at the time of creating this policy is Taly Vider Cohen. You can address any data-related issues or questions to this person at the following email: support@yospermtest.com
- Processors: Staff members of MES authorized to discharge the responsibilities of the Data Controller.
- “Staff members” – employees, contractors, consultants, and anyone acting on behalf of our organization.
- Users: Any individual who either browses the public website, engages with our support, speaks with our staff, creates a profile, or uses our site or APP or test kit.
- Personal Data Breach: Loss, theft, or unauthorized access, use or disclosure of Personal Data.
- Privacy Policy: This document.
- “Our website” or “The site” – www.mes-global.com or www.yospermtest.com
- “Our APP” – a downloadable mobile application – YO Home Sperm Test (“YO”) currently available on the Apple APP store and on Google Play (com/download-yo-home-sperm-test-app/) and, in the future, could be available on additional sites or stores.
- “Third parties” – Suppliers, business contacts, staff members of our users and any other people that we may need to contact.
The Information That We Collect and Store:
Personal Data means any information about an individual from which that person can be identified. We currently collect and process the following information about some individuals to improve the YO Home Sperm Test customer experience.
If you sign up on the APP or on the site, you create a profile that includes the following data:
- Profile Data (Optional): first name, last name, age, and gender.
- Contact Data: includes approximate location data, email address, wi-fi name, internet connection details, connection speed.
- Communications Data: includes your preferences in receiving support and marketing from us and your communication preferences.
We also collect the following data when you log onto the site or APP, we collect:
- Technical Data: internet protocol (IP) address, browser type and version, time zone setting and location, operating system, and other technology on the devices you use to access this website.
- Customer Support Data: includes feedback and survey responses. If you have engaged in a webchat or contacted us by email or on live chat, we will retain a record of that conversation
- Usage Data: includes information about how you use our APP, website, products, and services.
As explained here, there are limited circumstances, when we collect data about your health which is a special category of Personal Data called Protected Health Information (PHI) and is entitled to increased protection.
In most cases, when you use the APP to upload test results, we do not know and have no way of knowing that results belong to a particular person. In these circumstances, although we have results data, they are entirely anonymous.
However, in some cases, such as a voluntary account sign-up, support enquiry, or a question concerning test results, we may receive, store, and share your results. In this case, we would have both personally identifiable information and the results of the user’s semen analysis tested by our APP (YO Sperm Test), including qualitative results of MSC (motile sperm concentration), semen quality score (YO SCORE) and a video recording of the user’s sperm.
We acknowledge the particular sensitivity of your health data and have therefore implemented a policy that is meant to make sure that we never store more data than we need, we only store such data for the minimum amount of time required, we keep it under strict security protocol and dispose of it regularly. If you would like to know more, please get in touch with our DPO.
Other than the health data described above, we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, and genetic and biometric data) unless voluntarily provided. Nor do we collect any information about criminal convictions and offences.
How do we collect this information?:
Most of the personal information we process is provided to us directly in the following way/s:
- You create an account and provide us with your email address
- You upload test results
- When you create an account with us, you agree to disclose your personal data to us (specifically, your email, and location).
- When you upload your test results, you complete a declaration and agree to give us access to them for limited purposes.
We might also obtain data from additional sources:
- We may gather and use data from users of our website and APP and third parties. We use Co-pilot CX Ltd to analyze patterns of usage to improve the customer experience. See Co-pilot’s privacy policy here: https://copilot.cx/privacy-policy
What do we do with your information?
The information that we receive from you, is received for the following reasons:
- We analyze the test results to check whether the problem reported by the customer is related to a software bug or any other software issue. Then we are using the email address to contact and support the customer.
- Geo-location data – we use this data to establish a WiFi connection and suggest physicians in your proximity.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
There are numerous justifiable reasons under the GDPR that allow collection and processing of Personal Data. We rely mainly on:
- Consent: Certain situations allow us to collect your Personal Data, such as when you create and account and provide us with your email, or upload your test results and authorize us to receive this data. You are thereby consenting that we receive, hold, and process the data.
- Contractual Obligations: We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
- Legal Compliance: We’re required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.
- Legitimate Interest: We might need to collect certain information from you to be able to meet our legitimate interests – this covers area that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom, or interests. Examples could be your geolocation, so that the APP can suggest physicians or other service providers in your physical proximity.
For the collection of special category data (Protected Health Information), we rely on explicit consent.
We may share this information with:
We may share non-personal data with third parties to, for example (but not by way of limitation), improve our site, APP, or other services.
We many share your personal data (but not health-related information) with carefully selected third parties for marketing purposes. For example, we are allowed to share your email and name with our affiliates who could then use these to offer promotions to you.
We may share your Personal Data with subcontractors (only when necessary and with your consent) or affiliates or for the purpose of additional clinician recommendations or physician referral (subject to confidentiality obligations to use it only for the purposes for which we disclose to the user and pursuant to our instructions).
We may also share Personal Data with interested parties in the event that MES anticipates a change in control or the acquisition of all or part of our business or assets or with interested parties in connection with the licensing of our technology.
If MES is sold or makes a sale or transfer, we may, in our sole discretion, transfer, sell or assign your Personal Data and Protected Health Information to a third party as part of or in connection with that transaction. Upon such transfer, the Data Privacy Policy of the acquiring entity may govern the further use of your Personal Data.
In all other situations your data will still remain protected in accordance with this Data Privacy Policy (as amended from time to time).
We may share your Personal Data Protected Health Information at any time if required for legal reasons or in order to enforce our Terms of Use for our Site/Terms of Service or this Data Privacy Policy.
Our APP or Site may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our APP or Site, please review the privacy policy of every website you visit.
How we store your information
Your information is securely stored in Firebase, Bigquery, and Mongo DB. We store the data on secure cloud services running in the United States. Firebase and Bigquery are part of Google. Google and MongoDB are organizations committed to privacy and have stated that the model clauses relating to transfer of data between the EU and United States are fully compliant with the GDPR. We urge you to read their statements and policies in full.
We generally don’t delete the information that we hold for the benefit of our users who may want to use our services in the future but in the event that we requested results data, which is special category data, we would make every effort not to hold it for more than a year and we will do so by fully anonymizing any results data that we have received such that it could not be linked to a particular person. You can also request to delete data which refers to you by contacting the company.
We have implemented a concept of security by design and constantly apply rigid data protection measures to secure your data.
We take at least the following measures:
- We are protecting databases with unique password (database is accessible from a website which is password protected)
- Each internal user has a unique password.
- We encrypt our databases.
- We encrypt our passwords.
- We implemented an Audit trail, so that we can investigate any issues.
- We conduct regular vulnerability testing at least once a year
- We maintain a risk management policy, regularly assess, and address risks related to privacy and security
- We use an encrypted HTTPS protocol for our websites.
Even though we follow industry best practices and make great efforts to protect your data, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure or have any reason to believe that a data breach has occurred, please contact us urgently.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erase your data – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your Protected Health Information and Personal Data in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances.
- California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and to provide contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the DPO.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact our DPO with any data-related issues including any of the requests detailed above.
Additional matters
- Marketing consent – You will receive marketing and new content communications from us if you have created an account. You can ask us to stop sending you marketing messages by changing the communication preferences in your account with us. This can be done by logging into your account and turning off the option to share your data from the Settings Menu.
- Purpose – We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Our DPO is always available to explain how the new purpose is compatible with the original purpose. We may process your personal data without your knowledge or consent, but we must have a legal basis to do so as detailed above.
- How long will we retain your data for? – We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your Personal Data for a longer period than usual in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
- International transfer of data – Your information may be stored and processed in the United States or other countries or jurisdictions outside the US where we have facilities. Insofar as we store data in the US, we will always use providers that have implemented the model contract clauses that enable transfer of data between the EU and the US. By using the YO APP, you are permitting and consenting to the transfer of information, including personal data, outside of the US.
- Age limits for our users – You must not use YO unless you are aged 18 or older. If you are under 18 and you access YO by lying about your age or are otherwise in breach of our Terms of Use for our Site or Terms of Service and this Privacy Policy, you must immediately stop using YO and terminate your account. The website or our YO APP is not intended for children and we do not knowingly collect data relating to children.
- Notification of changes and acceptance of policy – We keep our Privacy Policy under review and will place any updates on this webpage. This version is dated January 1, 2021. By using our website and our APP, you consent to the collection and use of data by us as set out in this Data Privacy Policy. Continued access or use of our website and our APP shall constitute your express acceptance of any modifications to this Privacy Policy.