WhatClinic (“we”) are committed to safeguarding the privacy of our website visitors of the InDesk platform; this Notice sets out how we will treat your personal data when we act as the controller of that data and when its processing is governed by the EU General Data Protection Regulation (GDPR).
We use the term “personal data” to refer to any information collected or processed by, or in connection with, this website or the platform, that directly, or indirectly, identifies you or factors specific to you, such as your name, IP address or user preferences.
Below we describe “lawful grounds” for processing your personal data. These lawful grounds (sometimes also referred to as “legal basis”) are the justification under GDPR for the processing of your personal data. If there are no lawful grounds for processing your personal data neither we nor anyone else is permitted to access or process your personal data.
We may collect, store and use the following kinds of information and personal data (“Collected Information”):
Collected Information, including personal data, will be used to:
If you are a website user, the lawful grounds for processing your Collected Information is our legitimate interest in understanding how users interact with this website and the platform, and to improve how we promote our products and services.
We may share Collected Information about you:
We will take reasonable precautions to prevent the loss, misuse, or alteration of your personal data. Data transmission over the Internet is inherently insecure and we cannot guarantee the security of data sent over the Internet. We will store all the personal data you provide or that we collect about you on our secure servers.
We are located in Dublin, Ireland. Submitting your personal data via this website or the platform will transfer your personal data to us. We will process transferred personal data pursuant to the EU-US and the Swiss-US Privacy Shield Framework. The European Commission has issued an adequacy decision stating that entities like ours that accredit to the EU-US Privacy Shield principles be considered to offer adequate protection to personal data, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. We adhere to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for the personal data you provide or we obtain about you.
We may transfer your personal data to third parties, as described in Sharing Collected Information, pursuant to the onward transfer principles of the EU-US Privacy Shield. We use these third parties to perform certain functions offered as part of our products and services, e.g. data centre hosting services, SaaS survey solutions and SaaS IT service management software. These providers all certify compliance with the EU-US and Swiss-US Privacy Shield Framework and are restricted from direct access to your personal data but, if necessary, may be granted access to your personal data only to the extent necessary to permit them to perform their contracted services. They are bound by confidentiality agreements and are restricted from using personal data for other purposes. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, we are subject to the regulatory enforcement powers of the US Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
To learn more, please visit Privacy Shield Framework
We retain your personal data until data is requested to be purged from our systems by you or an authorised member of your organisation.
The website contains links to other websites. We are not responsible for the privacy policies of third-party websites or such site operators’ actions including the collection or use of your personal data.
If you use this website, upon request, WhatClinic will grant you access to your personal data and allow you to correct, amend or delete information that is demonstrated to be inaccurate or incomplete. See Contact Us details on our website.
You are entitled to have any inadequate, incomplete, or incorrect personal data corrected (that is, rectified).
You also have the right to request access to your personal data (including receiving a copy thereof) as well as additional information about how the data was processed.
If we ever process your personal data, with the lawful grounds of your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Furthermore, you are entitled to have your personal data erased under certain circumstances.
As of May 25, 2018, you also have the following additional rights:
Where your personal data is subject to restriction we will only process it with your consent or for the establishment, exercise or defense of legal claims.
You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your personal data infringes an applicable law.
You may contact us if you wish to exercise any of your rights in respect of your personal data processed by this website or the platform.
Contact Us for any further information.