Privacy and Cookies Policy

Effective date: 2024-03-06

Who we are

Welcome to the website of Medical Device HQ AB, Björkvägen 14, 22456 Lund, Sweden. Medical Device HQ AB is a Swedish company registered under  Org. No.: 556736-4541 and VAT no: SE556736454101 (“us”, “we”, “our”, or “Medical Device HQ”). You can reach us at support@medicaldevicehq.com

Medical Device HQ operates the https://medicaldevicehq.com website (the “Website”). Through the Website, we provide services (the “Service”) described explicitly and comprehensively in the Terms of Service available at https://medicaldevicehq.com/terms-of-service-web-services. Unless otherwise defined in this Privacy and Cookies Policy, the terms used in this Privacy and Cookies Policy have the same meanings as in our Terms of Service. Medical Device HQ acts as the controller of any personal data collected and processed in connection with use of the Website.

All our activities connected with the Website comply with the applicable data protection legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).

The main goal of this Privacy and Cookies Policy is to inform you how and for what purpose we process personal data in connection with your visit to and use of the Website.

Why we collect and process data

We collect and process your data to ensure and improve the functioning of the Website.

We collect and process your personal data, (i.e. information that identifies, or at least makes it possible to identify, you as a natural person) when you voluntarily decide to create an account on the Website, order the Service, decide to leave us your feedback regarding our Service or email us.

Furthermore, we collect and process certain technical data generated as a result of your visiting the Website. Such data may also be considered personal data.

“Processing” means any operation performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, disclosure, erasure or destruction, or other use.

When you are using the Website on your own behalf, but in aid of a third party, remember to obtain appropriate authorisation before providing this data.

 

What data we collect and process

We collect several different types of information for various purposes to provide and improve our Service. The types of information we collect and process depend on the types of Services we provide via the Website. We collect and process your personal data:

  • when you create an account,
  • when you register and attend a Classroom Session,
  • when we enter into a contract (non-checkout/no form),
  • when you leave a review or testimonial,
  • when you sign up for a newsletter,
  • when you register and take an online course,
  • when you submit an inquiry about our Services,
  • when we provide e-mailing support,
  • when you browse the Website,
  • when you sign up for the Professional Plan,
  • when you make a purchase on the Website,
  • to protect against and/or recover claims.

 

Account Creation:

When you ask us to create your account, we will collect and process the following personal data:

  • e-mail address,
  • name and surname,
  • phone number,
  • address
  • IP address.

Where your personal data is collected and processed for the purpose of creating your account, the legal basis is the need to perform the contract (legal basis under Article 6(1)(b) of the GDPR) and the legitimate interests pursued by the controller (legal basis under Article 6(1)(f) of the GDPR). Data will be processed until the account is deleted and/or there is our legitimate interest, in any case for no more than ten years from the deletion of the account.

 

Classroom Session Registration and Attendance

When you want to register and attend a Classroom Session, we will collect and process the following personal data:

  • e-mail address,
  • name and surname,
  • phone number,
  • address,
  • title,
  • user name,
  • nickname,
  • password,
  • image of user
  • IP address.

Where your personal data is collected and processed for the purpose of Classroom Session registration and attendance, the legal basis is the need to perform the contract (legal basis under Article 6(1)(b) of the GDPR) and the legitimate interests pursued by the controller (legal basis under Article 6(1)(f) of the GDPR). Data will be processed until the account is deleted and/or there is our legitimate interest, in any case for no more than ten years from the deletion of the account.

 

Entering into a Contract (non-checkout/no form)

When we enter into a contract outside of the check-out or form, we will collect and process the following personal data:

  • e-mail address,
  • name and surname,
  • phone number,
  • address,
  • IP address.

Where your personal data is collected and processed for the purpose of entering into a contract outside of the check-out or form, the legal basis is the need to perform the contract (legal basis under Article 6(1)(b) of the GDPR) and the legitimate interests pursued by the controller (legal basis under Article 6(1)(f) of the GDPR). Data will be processed until the contract is terminated and/or there is our legitimate interest, in any case for no more than ten years from the termination of the contract.

 

Review or Testimonial:

When we enter into a contract under which you can provide us with a review or a testimonial, we will collect and process the following personal data:

  • e-mail address,
  • name and surname,
  • phone number,
  • address,
  • IP address,
  • username,
  • nickname,
  • image of the user.

Where your personal data is collected and processed for the purpose of entering into a contract to provide us with a review or a testimonial, the legal basis is the need to perform the contract (legal basis under Article 6(1)(b) of the GDPR) and the legitimate interests pursued by the controller (legal basis under Article 6(1)(f) of the GDPR). Data will be processed until the contract is terminated and/or there is our legitimate interest, in any case for no more than ten years from the last action performed.

 

Newsletter

When you sign up for a newsletter, we will collect and process the following personal data:

  • e-mail address,
  • name and surname,
  • IP address.

Where your personal data is collected and processed for newsletter purposes, the legal basis is your voluntary consent (legal basis under Article 6(1)(a) of the GDPR).

Data will be processed until the consent is withdrawn, in any case for no more than fifteen months from the last action performed.

 

Online Course Registration and Participation

When you want to register and participate in an Online Course, we will collect and process the following personal data:

  • e-mail address,
  • name and surname,
  • phone number,
  • address,
  • user name,
  • nickname,
  • password,
  • image of the user,
  • title,
  • IP address

Where your personal data is collected and processed for the purpose of Online Course registration and participation, the legal basis is the need to perform the contract (legal basis under Article 6(1)(b) of the GDPR) and the legitimate interests pursued by the controller (legal basis under Article 6(1)(f) of the GDPR). Data will be processed until the account is deleted and/or there is our legitimate interest, in any case for no more than ten years from the last action performed.

 

Service Inquiry

When you want to submit an inquiry about our Services, we will collect and process the following personal data:

  • e-mail address,
  • name and surname,
  • IP address

Where your personal data is collected and processed for the purpose of submitting an inquiry about our Services, the legal basis is your voluntary consent (legal basis under Article 6(1)(a) of the GDPR) and the legitimate interests pursued by the controller (legal basis under Article 6(1)(f) of the GDPR). Data will be processed until the purpose of contact is achieved, until consent is withdrawn and/or there is our legitimate interest, in any case for no more than three years from the last action performed.

 

E-mailing Support

When you require e-mailing support, we will collect and process the following personal data:

  • e-mail address,
  • name and surname,
  • phone number,
  • IP address

Where your personal data is collected and processed for the purpose of e-mailing support, the legal basis is your voluntary consent (legal basis under Article 6(1)(a) of the GDPR), our legal obligation (legal basis under Article 6(1)(c) of the GDPR) and the legitimate interests pursued by the controller (legal basis under Article 6(1)(f) of the GDPR).

Data will be processed until the purpose of contact is achieved, until consent is withdrawn, there is our legal obligation and/or legitimate interest, in any case for no more than three years from the last action performed.

 

Website browsing:

When you browse our Website, we collect and process the following data:

  • IP address.

In this case, your personal data are collected and processed for the purpose of presenting relevant information to you on the Website and improving the Service, and the legal basis is our legitimate interest (legal basis under Article 6(1)(f) of GDPR) understood as a necessity to improve the Service we provide to you.

We also take advantage of marketing services to analyze your behaviour for the purposes of optimizing the functioning of the Website, as well as for optimizing our advertising activities. In particular, we take advantage of technologies such as Meta Cookies, Google Analytics, Google Ads, and LinkedIn Insight Tag (as the case may be from time to time).

In such a case, the data is collected and processed for marketing purposes. The legal grounds for processing is our legitimate interest (legal basis under Article 6(1)(f) of GDPR) understood as the desire to reach as many users and customers as possible, to promote our Services and thereby develop our business.

Data will be processed for as long as the Services are provided, until an objection is submitted or until a change is made to your browser’s settings or in your profiles.

When you use the Website and our Services, we may perform analytics to improve our Services, and the legal basis is our legitimate interest (legal basis under Article 6(1)(f) of GDPR) understood as the need to provide services and products of the highest quality corresponding to the needs of users, to develop software functionality, to improve its accuracy and correctness;

Data will be processed until:

  • you raise an objection or change your browser settings,
  • the analysis is carried out and the purpose is achieved,

whichever comes first.

 

Signing up for the Professional Plan

When you want to register and participate in an Online Course, we will collect and process the following personal data:

  • e-mail address,
  • name and surname,
  • phone number,
  • address,
  • IP address.

Where your personal data is collected and processed for the purpose of signing up for the Professional Plan, the legal basis is the need to perform the contract (legal basis under Article 6(1)(b) of the GDPR) and the legitimate interests pursued by the controller (legal basis under Article 6(1)(f) of the GDPR). Data will be processed until the account is deleted and/or there is our legitimate interest, in any case for no more than ten years from the last action performed.

 

Making a purchase on the Website

When you want to make a purchase on the Website, we will collect and process the following personal data:

  • e-mail address,
  • name and surname,
  • phone number,
  • address,
  • nickname,
  • IP address.

Where your personal data is collected and processed for the purpose of making a purchase on the Website, the legal basis is the need to perform the contract (legal basis under Article 6(1)(b) of the GDPR) and the legitimate interests pursued by the controller (legal basis under Article 6(1)(f) of the GDPR). Data will be processed until the account is deleted and/or there is our legitimate interest, in any case for no more than ten years from the last action performed.

 

Protection against claims and recovery of claims:

We may process your personal data to assert or defend against possible claims related to the collection or processing of your personal data and such processing is based on a legitimate interest (Article 6(1)(f) GDPR), understood as the possibility to assert or defend against claims.

The data will be processed until the statute of limitations for the respective claims has expired.

 

What we can do with your data

We work with some third parties and they may have access to some of the information about you that we collect and process. The recipients of your personal data may include:

  • entities authorised by law on the basis of a proper request (courts, state authorities);
  • entities providing auditing, accounting, IT, marketing, communication, analytical and legal services, including Google and Facebook;
  • subcontractors with whom we cooperate.

Your information, including personal data, may also be transferred to — and maintained on — computers located outside of the European Economic Area, where the data protection laws may differ from the GDPR.

If we provide personal data beyond the European Economic Area, and in particular to any third countries, such provision will take place on the basis of appropriate legal mechanisms, such as Adequacy Decisions of the Commission (EU), applicable standard contractual clauses, or other similar legal instruments specified in the GDPR.

To ensure that you have adequate control over your personal data transferred outside the European Economic Area, you will have the right to obtain a copy of your personal data transferred to third countries at any time.

 

Your rights concerning data

You have the following rights under the GDPR:

  • The right to request access to your data and to receive a copy of your data: whenever possible, you can access, update or request deletion of your personal data;
  • The right to rectify (correct) your data: you have the right to have your information rectified if that information is inaccurate or incomplete;
  • The right to erasure: you have the right to erasure regarding data that are no longer required for the original purposes or that are processed unlawfully;
  • The right to restriction of processing: you have the right to restriction of processing regarding data which are pending decision on erasure or, in justified cases, you do not want them to be erased;
  • The right to data portability: you have the right to be provided with a copy of the information we have regarding you in a structured, machine-readable and commonly used format;
  • The right to object: you have the right to object to our processing of your personal data – upon your justified objection, we will cease any further processing under Article 6(1)(f) of the GDPR;
  • The right to withdraw consent: you also have the right to withdraw your consent at any time where we relied on your voluntary consent to process your personal information;
  • The right to lodge a complaint about our collection and use of your personal data with the competent supervisory authority.

To exercise your rights described above, you may send appropriate requests to the following e-mail address: support@medicaldevicehq.com, send them to our correspondence address given above, or submit them in person at our registered office. Bear in mind that, before responding to your request regarding exercising your rights, we may ask you for proof of your identity. If you want to withdraw your consent to data processing, you can also click on the hyperlink entitled “unsubscribe” in the content of the e-mail correspondence.

Withdrawal of your consent to data processing has no impact on the legality of data processing that had taken place under the consent granted before the effective withdrawal thereof.

 

Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

 

Cookies

We use cookies and other similar technologies (collectively “Cookies”) on our Website to improve the performance of the Website and its features and to create a better user experience for the Website users.

Detailed information can be found in our Cookie Policy (EU).

 

Social media plug-ins, online marketing services and services rendered by third parties

 

Online marketing services

Based on legitimate interest, being the analysis, optimisation, and economic operation of our activities, as well as the analysis of your behaviour to optimise our Website and advertising, we use the following online marketing services:

 

Meta Cookies:

Our Website uses cookies provided by Meta Platforms Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA.

Meta uses cookies and obtains information about you visiting our Website, including information about your device and your activity, without any further action on your part. It happens regardless of whether you have a Facebook account and are logged in.

Detailed information on the Meta Cookies and the way your data is collected and processed can be found here: https://www.facebook.com/privacy/policies/cookies/

 

Google Analytics:

Our Website uses Google Analytics, a web analytics service offered by Google Ireland Ltd. (Gordon House, 4 Barrow Street, Dublin, Ireland). Google Analytics uses the data collected to track and monitor the use of our Service. This data are shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.

You can opt out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

 

Google Ads:

Our Website uses Google Ads, an online advertising programme offered by Google Ireland Ltd. (Gordon House, 4 Barrow Street, Dublin, Ireland). Google Ads uses the data collected to enable interest-based advertising. It allows us to customise search ad campaigns for users who have visited our Website.

You can find more information on data protection in the context of Google Ads at: https://policies.google.com/technologies/ads?hl=en 

 

LinkedIn Insight Tag:

Our Website uses a marketing tool available through and provided by LinkedIn Corporation, 605 W Maude Ave, Sunnyvale, CA 94085, USA, which is LinkedIn Insight Tag. The LinkedIn Insight Tag is a source code fragment added to our Website.

This tool makes it possible to track your behavior and activity when you are redirected to our Website, having seen or clicked on a LinkedIn ad. This process is designed to evaluate the effectiveness of LinkedIn and our advertisements for statistical and market research purposes and may help to optimise future advertising efforts. Information gathered using this tool allows LinkedIn to provide you with personalised ads when using LinkedIn.

The LinkedIn Insight Tag establishes a direct connection with LinkedIn servers when you visit our Website. LinkedIn is therefore informed that you visited our Website and may assign this information to your LinkedIn account.

The data collected using the LinkedIn Insight Tag tool is anonymous with respect to us and cannot be used to identify you. The data is, however, stored and processed by LinkedIn, which means that they can be linked to the respective LinkedIn account. LinkedIn can use the data for its own advertising purposes, according to the LinkedIn Privacy Policy and the LinkedIn user’s profile settings. LinkedIn has ultimate control of any data gathered through this tool. However, you can opt out of LinkedIn’s use of the LinkedIn Insight Tag by adjusting the settings available on your LinkedIn account.

 

Behavioral Remarketing

Medical Device HQ uses remarketing services to advertise on third-party websites to you after you have visited our Website. We and our third-party vendors use cookies to inform, optimise and serve ads based on your past visits to our Website.

 

Services rendered by third parties

We may employ third-party companies and individuals to facilitate our Service,  provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.

These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Within our organisation your personal data is processed only by authorised persons.

 

Payments

We may provide paid products and/or services within the Service. When purchasing a product through check-out, the products are sold by an authorised re-seller, depending on which country you are buying from. The re-seller has its own terms of sale and privacy policy as shown on the check-out page.

We will not store or collect your payment card details. That information is provided directly to our re-seller whose use of your personal data is governed by its Privacy Policy.

 

Our Policy on “Do Not Track” Signals under the California Online Protection Act (CalOPPA)

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

 

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personal data from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

 

Changes to This Privacy and Cookies Policy

We may update our Privacy and Cookies Policy from time to time. We will notify you of any changes by posting the new Privacy and Cookies Policy on this page.

You are advised to review this Privacy and Cookies Policy periodically for any changes. Changes to this Privacy and Cookies Policy are effective when they are posted on this page.

By continuing to access or use the Website and the Services we render through it, once those changes take effect, you agree to be bound by the revised Privacy and Cookies Policy. If you do not agree, you must cease using our Website immediately.

 

Contact Us

If you have any questions about this Privacy and Cookies Policy, please contact us:

Get in touch to receive proposal for customised training

When you submit this form, your personal data will be processed in accordance with our privacy policy.