Statement
Mirada Medical Limited believes your data is a precious commodity and know it is your right to total transparency and control on how we use it. We have implemented strong data privacy and security safeguards to ensure that you’re protected to the best extent we can.
We are both a Data Controller and Data Processor for the purposes of the Data Protection Legislation. A “data controller” is an entity that controls how and why personal data is processed and a “data processor” uses, handles or works with the data under the instruction of the controller, typically one of our clients.
This policy outlines what data we collect, how we use it, and the safeguards we put in place to protect it.
Contact us at dataprotection@mirada-medical.com if you have any concerns, wish to request access to the data we hold on you, or wish to uphold any of your other rights.
We review our policies and procedures annually or whenever there is a change. We will always post the latest privacy policy here.
EU Data Subjects
For the purposes of EU Representation we have an establishment in France that will serve as our contact point under Recital 80 of the GDPR. The details are as follows:
SASU Mirada Medical Europe, a company registered in France under registered number [850 071 937] having its principal place of business at Ilot Quai 8.2, Bâtiment E1, Rue d’Armagnac, Bordeaux, 33800, France
If you are an EU Data Subject you can contact our EU-based office at dataprotection@mirada-medical.eu. If a revision meaningfully reduces your rights, we will notify you.
Our Promises:
We’re committed to your data privacy and security. As such we give you these promises:
-
We will only collect data about you that is relevant and necessary
-
Your data will only be held on IT systems that meet compliance standards
-
Your data will only be accessed by those who need it, and we will minimize the amount of data that is processed wherever possible
-
We won’t share or sell your data to any third party outside of Mirada Medical LTD and Mirada Medical USA Inc. (a fully owned subsidiary of Mirada Medical LTD) unless you have agreed through explicit consent, we are required to share it by law, or we need to fulfil our service commitments to you through a third party that meets our own privacy standards
-
We will always remember that it is your personal data, not ours. As such we will ensure complete transparency and openness with you
-
We respect your rights as outlined in the next section and will respond to all requests promptly
-
We will not transfer or process your data in any Third Country without informing you and ensuring the same levels of data protection we enforce are in place. The exception to this is data transferred within the Mirada Medical LTD Group where the same levels of data protection are enforced.
Your Rights
You have the following rights over any data Mirada Medical Limited holds about you:
-
Right to object to processing at any time
-
Right to opt-out of marketing at any time
-
Right to have inaccurate data corrected
-
Right to erasure of personal data from our database (unless we’re legally obliged to keep it)
-
Right to export of personal data
If you would like to exercise these rights please contact us at dataprotection@mirada-medical.com
Collecting Data
We collect information about you in two key ways:
-
Passive – you give us information on our website, email us, call us, meet one of us at events or meetings, or approach us on social media
-
Proactive – this is data about you that we may hold from referrals, resellers, or through proactive marketing activity
We use automated analytics and tracking systems for email, document management, and marketing activities so that we can protect and optimize our service and deliver relevant marketing.
We try to minimize the personal data held on you. Typically, this is restricted to:
-
Your personal contact details – email address, phone numbers, business-related social media pages such as LinkedIn, source of your data, and legal reason for the holding of your information
-
Your company details – as above but also address, website and other public held information including invoicing details if relevant
-
Transmitted information – such as emails, texts, messaging, phone call information and recordings, voice mails, email, meeting notes, and document tracking information
We make it a policy not to connect any social media feeds or store any social media you may post to our systems, with the exception of private messages.
Cookies
Cookies are small files placed on your computer which help our website to identify your device when you visit. Please refer to our Cookies Policy HERE to find out more.
Storing Data
Data is stored on encrypted systems on-premise and on hosted cloud services such as Microsoft Office 365 and AWS, in transit, and at rest. We also use Salesforce CRM to process your data.
As such, some data will either be in UK or EU data centers or on US-based servers. We ensure that the correct mechanisms and safeguards are in place to carry this out including but limited to EU Standard Contractual Clauses.
We use your data to market to you if you have consented us to or if we believe we have a legitimate interest in doing so, to fulfill contractual arrangements or for legal purposes. Calls may be recorded for information holding, quality, and training purposes. Our email, document management, and website analytics are used for information purposes and to track breaches of copyright. All our processes are mapped and are subject to various internal policies to ensure your data privacy and security.
Data Permissions:
Every email sent from Mirada Medical Limited allows you to opt-out of receiving emails from us, except for the purposes of fulfilling any contractual arrangements.
You can also send an email to dataprotection@mirada-medical.com and request to opt-out, view, export, or delete your data.
If you request for your data to be deleted, your name and email address will be added to an exceptions list and all other data removed.
Third Parties:
We will never sell your personal data for marketing purposes to third parties. To fulfil marketing initiatives we may need to work with marketing partners or use marketing platforms such as Pardot.
We will only share information for use where agents, resellers, or suppliers are involved in the delivery of your service. In such cases we will first attempt to anonymize the data, or minimize it to the fullest extent possible
Retention:
Dependant on the data you provide us and for what purpose it is provided we may need to retain your data for up to 6 years. If you wish to find out more about your specific data retention, please contact us.
If we are processing data as part of working on clients data we will delete the data we hold no more than 90 days from completion of the project or end of contract, whichever happens later. We may also de-identify image data (known as Pseudonymisation) for research purposes.