Privacy Policy

Global Medical Treatment t/a InDesk (“we”) are committed to safeguarding the privacy of our website visitors and registered users of the InDesk platform; this Notice sets out how we will treat your personal data when we act as the controller of that data and when its processing is governed by the EU General Data Protection Regulation (GDPR), which came into force on 25th May 2018 (a copy of the GDPR is available here).

Topics:

Definitions

We use the term “personal data” to refer to any information collected or processed by, or in connection with, this website or the platform, that directly, or indirectly, identifies you or factors specific to you, such as your name, IP address or user preferences.

Below we describe “lawful grounds” for processing your personal data. These lawful grounds (sometimes also referred to as “legal basis”) are the justification under GDPR for the processing of your personal data. If there are no lawful grounds for processing your personal data neither we nor anyone else is permitted to access or process your personal data.

Lawful grounds

If you are a registered platform user, or a website user, the lawful grounds for processing your Collected Information is our legitimate interest in understanding how users interact with this website and the platform, and to improve how we promote our products and services. These are described in more detail in the sections on how and what data we collect and how we use it.

What personal data do we collect?

We may collect, store and use the following kinds of information and personal data (“Collected Information”):

  • Information and personal data about your visits to and use of this website and our platform. We collect data about your computer and your visits to this website or the platform, including your IP address, geographical location, browser type, referral source, length of visit, and number of page views, all of which are also Collected Information.

  • Information about any transactions carried out between you and us on this website, including information relating to any purchases you make of our goods or services. Depending on your type of interaction, we may collect:

    • Contact information (where provided: First and last name, title, email, phone, address, postcode)
    • Connection data (IP address, browser type, user agent)
    • Localisation data (geographical location)
    • Application usage data (referral source, length of visit, number of page views)
    • Information relating to your enquiries made to clinics
    • Email communication data, if made via our platform/service
    • Phone call and call recording data, if made via our platform/service
    • WhatsApp and SMS communication data, if made via our platform/service.
    • Payment information, if you provide it via secure connection in order to pay a deposit to a clinic. This data is automatically purged once the transaction is complete.
  • Information that you provide to us for the purpose of registering with us on the website or platform and/or subscribing to our website services and/or email notifications. We collect first and last name, email address, and phone number for these purposes.

How do we collect your data?

You directly provide us with most of the data we collect. We collect data and process data when you:

  • Use our website to contact us.
  • Voluntarily complete a customer survey or provide feedback on any of our social media platforms or via email.

We may also receive your data indirectly from the following third-party sources:

  • Clinics using our service may redirect their phones, emails, messaging services, or webforms to us, or may import it directly to our CRM system.

How will we use your data?

Collected Information, including personal data, will be used to:

  • Assist you with your enquiry with the clinic you have personally selected to contact;
  • Administer and improve this website's and the platform's usability
  • Where you have consented, send you marketing and other communications relating to our business or the businesses of carefully selected third parties which we think may be of interest to you by post, by email or similar technology, We use Campaign Monitor for this purpose;
  • Provide other companies with statistical information about our users. Information we provide to other companies will not identify any individual user. We use Google Analytics for this purpose.
  • Allow us to see deliverability information of communications sent. We use a third party, MailGun, to route emails between our Clinics and Users and vice versa; We have a similar system for phone calls, SMS, and WhatsApp, routing them through a company called Twilio. We notify users that calls are recorded. 
  • Collect feedback about our own services from independent third-party companies. We use Trustpilot for this purpose.

Sharing collected data

We may share Collected Information about you:

  • Clinics may third-party service providers to manage their bookings, and patient data. Only the data you have provided will be shared. Please check the clinics’ own website to see which providers they use prior to making your enquiry, we are not responsible for the Privacy Policies of clinics or third-party service providers. 
  • To enable our third-party sub-processors to provide data centre hosting services (AWS), database hosting services (AWS), dialer infrastructure services (Twilio), email sync services (Mailgun), software integration services (Zapier), and to enable our third party processors to provide sales and marketing operations services (Campaign Monitor, YesWare, Google Analytics, TrustPilot);
  • To enable our partners, 121BPO, with whom we have a NDA, to respond to user enquiries and maintain clinic data;
  • To the extent that we are required to do so by law;
  • In connection with any legal proceedings or prospective legal proceedings;
  • In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
  • In response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

How do we store and secure your data?

We will take reasonable precautions to prevent the loss, misuse, or alteration of your personal data. Our website uses HTTPS, which ensures secure transmission of data from your browser to our servers. We will store all the personal data you provide or that we collect about you on our secure servers. Our servers are hosted on AWS in Dublin, Ireland. Sensitive data is encrypted and access is restricted. Personally identifying information is anonymised where used for test or training purposes.You are responsible for keeping your passwords confidential. We will not ask you for your passwords to our platform or services.

Retention of data

We retain essential personal data related to your use of the website or the platform until this data is requested to be purged from our systems by you or an authorised member of your organisation. Your data protection rights are described in more detail below. If you would like to request access, rectification, transfer, or erasure of your data please contact us.

We regularly conduct internal audits to purge data that is no longer relevant or for which the purpose has been fulfilled.

Server log files are automatically purged after one year.

Access to your data

If you use this website, upon request, we will grant you access to your personal data and allow you to correct, amend or delete information that we hold on you. See Contact Us details on our website.

If you are a platform user, we depend on you to update and correct your personal data to the extent necessary for the purposes for which that data was collected, such as contact information you provide to us so that we can provide you with invoicing information.

What are your data protection rights?

You are entitled to have any inadequate, incomplete, or incorrect personal data corrected (that is, rectified).

You also have the right to request access to your personal data (including receiving a copy thereof) as well as additional information about how the data was processed.

If we ever process your personal data, with the lawful grounds of your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Furthermore, you are entitled to have your personal data erased under certain circumstances.

As of May 25, 2018, you also have the following additional rights:

  • Data portability – if ever we rely (as the lawful grounds for processing) upon your consent or the fact that the processing is necessary to perform a contract to which you are a party (such as making an enquiry), and the personal data is processed by automatic means, you have the right to receive all such personal data which you have provided us in a structured, commonly used and machine-readable format, and also to require that it be transmitted to another controller where this is technically feasible.o contact us.
  • Right to erasure – you are entitled to have your personal data erased under specific circumstances, such as where you have withdrawn your consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds (see below) or where personal data is unlawfully processed, provided that applicable law does not provide otherwise.

  • Right to restriction of processing – you have the right to restrict the processing of your personal data (that is, allow only its storage) where:

    • you contest the accuracy of the personal data, until we have taken sufficient steps to correct or verify its accuracy;
    • where the processing is unlawful but you do not want us to erase the personal data;
    • Localisawhere we no longer need your personal data for the purposes of the processing, but you require such personal data for the establishment, exercise or defence of legal claims; ortion data (geographical location)
    • where you have objected to processing, justified on lawful grounds (see below), pending verification as to whether we have your permission to continue processing.

Where your personal data is subject to restriction we will only process it with your consent or for the establishment, exercise or defence of legal claims.

  • Right to object to processing (including profiling) based on lawful grounds – where we rely upon legitimate interests to process personal data, you have the right to object to that processing. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that overrides your interests, rights and freedoms, or we need to process the personal data for the establishment, exercise or defence of legal claims, or an applicable law requires otherwise.
  • Right to object to direct marketing (including profiling) – you have the right to object to our use of your personal data for direct marketing purposes (including profiling).

You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your personal data infringes an applicable law.

You may contact us if you wish to exercise any of your rights in respect of your personal data processed by this website or the platform. If you make a request, we have one month to respond to you. 

Please Contact Us for any further information or to make a request.

Marketing

If you have agreed to receive marketing, you may always opt out at a later date. If you no longer wish to be contacted for marketing purposes, please click here

Cookies and other tracking technology

We use cookies on this website. A cookie is a text file sent by a web server to a web browser and stored by that browser. The text file is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We may send one or more cookies which may be stored by your browser on your computer. The information we obtain from cookies is part of the Collected Information. Our advertisers and service providers may also send you cookies.

Most browsers allow you to refuse to accept cookies. (For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.) This will, however, have a negative impact upon the usability of many websites, including this one.

To improve our services and this site, we may retain third-party service providers to operate this site and help us monitor, collect and analyse information regarding your interactions with this website and data you input, including through the use of such providers’ cookies on your computer.

For more information about cookies and other tracking technologies we use, please see our Cookies Policy or visit allaboutcookies.org.

Privacy policies of other websites

The website contains links to other websites. We are not responsible for the privacy policies of third-party websites or such site operators’ actions including the collection or use of your personal data.

Changes to our privacy policy

We keep our privacy policy under regular review and place any updates on this web page. This privacy policy was last updated February 2024.

How to contact us

If you have any questions about our privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please contact us.

How to contact the appropriate authority

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Irish Data Protection Commission.