Privacy policy

The MedicAlert Foundation is a registered charity no: 233705

MyMedicAlert
Basket⁰
- No items in basket
- View Basket

Join

Privacy

We take your data seriously which is why we are Cyber Essentials Plus accredited, we recommend that you take a few minutes to read our Privacy Policy to understand how we may use your data.

The purpose of this privacy notice is to give you information on how The MedicAlert Foundation collects and processes your personal data, including any data you may provide through this website when you purchase a product or service.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

We will use your data for the purpose it was collected and, where we have your consent or an appropriate lawful basis, may use your personal information to provide you with marketing information about services, promotions and offers that may be of interest to you.

When you interact with us or when you purchase the products and services we offer, we may share the collected data with third party online advertising networks in order to run marketing campaigns, for example using social media campaigns.

This is used to display targeted ads on or through our Website or on other websites or apps, and to run our marketing and re-marketing campaigns, including on social media platforms. We or the online advertising networks use this information to make the advertisements you see online more relevant to your interests.

Where your data is transferred outside of the UK/EU we ensure that your data is protected at all times.

Who we are

We are The MedicAlert Foundation and we are the data controller and responsible for your personal data. We can be contacted using the following details:

Address: Suite 1, Liscombe South, Liscombe Park, Soulbury, LU7 0JL

Email: DPO@medicalert.org.uk

Telephone number: 01908 951045

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, the first point of contact is the policyholder if you require further assistance including any requests to exercise your legal rights in respect of your data, please contact our Data Protection Officer (‘DPO’). Our DPO is contactable via: DPO@medicalert.org.uk

Our EU Representative:

Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is Instant EU GDPR Representative Ltd. They can be contacted using the following details:

Address: INSTANT EU GDPR REPRESENTATIVE LTD,
Office 2, 12A Lower Main Street, Lucan Co. Dublin, K78 X5P8, Ireland

Email: Adam Brogden contact@gdprlocal.com

Telephone number: +35 315549700

Our legal grounds for handling your personal data

The UK’s data protection laws allow us to use your personal data provided we have a lawful basis to do so. This includes sharing it in certain circumstances, as described below.

We consider we have the following reasons (legal bases) to use your personal data:

Performance of contract with you:
we need to use your personal data to be able to carry out or benefit from the terms of a legal contract which we have entered into with you.
Legitimate interests:
these are our business and commercial reasons for using your data, which we have balanced against your interests. We have certain legitimate interests in using your data which are not outweighed by your interests, fundamental rights or freedoms. These legitimate interests are to help development and improvement of our products or service, membership expansion, improving our understanding of our members, prevent and detect financial crime and to assist our compliance with the legal and regulatory requirements placed upon us.
Your consent:
we may also use your data when you consent to it. You can withdraw this consent at any time, in which case we will cease to use it, unless we have a right and a need to continue processing it for one of the other reasons set out above.

More information on how we use your personal data and for what purposes is set out below.

What personal data is collected about you and how we collect it

We may collect data about you from the following sources:

Data provided by you:

When you apply for our products and services and throughout the course of our dealings, the data you provide may include, but not be limited to:
- Your name, postal and email addresses, contact telephone numbers, date of birth, occupation, bank account details, IP address, National Insurance Number.
- Contact details (Name, Address, Contact number etc. relationship to you) for any person you nominate as an advocate or person we should contact in the event of an emergency.
- Your General Practitioner details (name, address, contact number etc.), details of any hospital (name, address contact numbers etc.) under whose care you are registered, and contact details for any other competent registered physician currently treating you.
- Your medical information (including any diseases or conditions that you are suffering from, any medication being taken by you and any treatment being undergone by you.
- Contact details (including relationship) for any person nominated as an “Advocate” for you.
- Documents you ask us to store on your record which may include but not be limited to details of medical conditions, medical history, implant details, treatment preferences and requests
When you talk to us: for example on the phone, or in person including call recordings and voice messages. We may monitor or record calls with you to check we have carried out your instructions, to resolve queries or disputes, to improve the quality of our service or for regulatory or fraud prevention purposes
In writing: for example letters, emails, texts and other electronic communications.
Online: for example when you use our website or mobile app.
In financial reviews, for renewals and in any surveys etc.

Data we collect when you use our services:

Transaction data: for example what sort of products you are selecting, the length of term.
Payment data: for example, the amount, origin, frequency, history and method of your payments
Usage and profile data: for example, the profile you create to use our website and mobile app and how you use it. We gather this data from the devices you use, using cookies and other software
Details of use of our emergency service line: dates, circumstances, outcome
Changes and updates to previously supplied data

Data provided by third parties:

Data from persons that introduce you to us: for example other charities, partner organisations, your employer, NHS clinics, general practitioners

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Why personal data is collected by us

We collect personal data from you for many reasons including:

Activity	Legal basis	Legitimate interest
exercising our contractual rights and obligations	contract performance
pre-contractual checks post-contractual checks customer service account management	contract performance legitimate interests legal duty consent	verifying identity maintaining up to date records seeking consent where relevant business efficacy risk management
product analysis and development business development profiling, statistical and analytics	legitimate interests contract performance	business efficacy risk management product development
regulatory and legal requirements managing risks business management and operations, including record keeping	legitimate interests legal duty contract performance	business compliance business efficacy risk management
marketing research	consent legitimate interests	business development business efficacy brand management

From time to time we may contact you to ask for your consent to use your personal data for other purposes. Your personal data may also be used for other purposes where required or permitted by law.

From time to time we may provide your information to our partners, third parties and customer service agencies for research and analysis purposes so that we can monitor and improve the services (or as the case may be) we provide. We may contact you by post, e-mail or telephone (or as required) to ask you for your feedback and comments on our services (or as the case may be).

From time to time we may also contact you about our other goods or services that may be of interest to you.

When personal data is shared

We may discuss your Personal Information with your nominated and named individuals either on your behalf (in the case of Advocates) or in response to an emergency.

If MedicAlert receive a call as part of the Emergency Service from a competent registered physician or emergency service provider then, after appropriate security checks have been undertaken, your Personal Information will be shared with them in order to assist in the provision of suitable medical care and to respond to the emergency.

Your data may be accessed by a third party, contracted to MedicAlert to operate the MedicAlert 24/7 emergency line, on a read-only basis with appropriate security provisions enacted.

If MedicAlert receive a call as part of the Emergency Service from a competent registered physician or emergency service provider in another country, MedicAlert will provide such a physician or service provider with Your Personal Information as we would in the UK. In these circumstances it is understood, by all parties, that as a result your personal information may be exported to areas outside of the EU jurisdiction. You agree that in such circumstances, Your Personal Information may be exported outside the EU.

If, in the future, we sell, transfer or merge all or part of our business or assets, including the acquisition of other businesses, we may share your data with other parties. We will only do this if they agree to keep it safe and private and to only use it in the same ways as set out in this notice.

Consequences

If you fail to provide us with data, this may delay or prevent us from entering into a contract with you and or comply with our obligations.

If you fail to keep us informed of any changes or updates to data you have provided us with or additional information which is relevant to your medical condition or personal circumstances then this may compromise our ability to provide an effective and efficient service to you.

If you have any questions about the above, please contact us on the details in Section 1

What choices and rights you have

Your personal data is protected by legal rights, which include your right to:

object to our controlling and processing your personal data;
object to our sharing of your personal data with others or with certain organisations;
request that your personal data is erased or corrected or that its processing be restricted;
request access to your personal data and for it to be given to you in a portable format;
request that we transfer your personal data to another company;
request that we confirm what personal data we currently control and/or process in relation to you.

There may be reasons why we need to keep or use your data, but please tell us if you think we should not be processing your data.

For further information on how your information is used, how we maintain the security of your information and your rights in relation to it, please contact DPO@medicalert.org.uk

If you are unhappy about how your personal data has been used by us please contact us and we will send to you our Complaints Policy. You also have a right to complain to the Information Commissioner's Office which regulates the processing of personal data. You can contact them at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, on 0303 123 1113 or by email to casework@ico.org.uk. See also https://ico.org.uk/global/contact-us/

How long personal data is kept

MedicAlert retains the personal Information in accordance with the Retention and Destruction Policy In summary, MedicAlert will keep your personal data (as indicated above) for as long as the membership service fee is paid, and for a period of 6 months after the membership has lapsed. At this point the record will be completely anonymised so it cannot personally identify you.

Information used for marketing purposes will be kept by MedicAlert until you unsubscribe from the service.

Data storage location

All Personal Data is controlled by The MedicAlert Foundation and this information is located on servers within the UK.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Cookies

To give you the best, most personalised online experience we use cookies. You can view the cookies used by us in our cookie policy page, please see our cookie policy here.

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

This site uses different types of cookies. Some cookies are placed by third-party services that appear on our pages. You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Direct marketing

We can only use your personal information to send you marketing information if we have your consent or a legitimate interest. A legitimate interest will usually be a commercial reason which cannot be used unfairly against you.