Meplis was built as a patient-centric health collaboration platform and acts as the Data controller and Data processor of your information as defined under “GDPR”.
“GDPR” or “General Data Protection Regulation “(EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) is the basis for the Meplis Privacy Policy.
When using our services, you entrust us with your most personal information. We totally understand the importance of this matter, that is why we work so hard to protect your information and place you in the control of your data.
This Privacy Policy is meant to help you understand which data we collect and why we collect it, what we do with it and how long it is kept by us. This is important; we hope you will take your time to read it carefully. Please remember that you can find controls to manage your information and protect your privacy and security at My Account.
Meplis acts as Data Controller when you visit our own Meplis branded sites, create your Meplis Account, License a Meplis Service as a Customer or when we collect technical data about the application performance. When you use our services, we want to be clear and transparent about how we use your information and the ways we protect your privacy.
We act as Data processors when you are Accessing and/or Interacting with content belonging to or controlled by a Meplis Customer as being made available to You by or on behalf of that Meplis Customer through the Meplis Products and Services. When You share information with us through for these purposes: to search for, share and view information, to communicate with other people, to create new content and send information through a website or mobile application from our Customers. For example, by answering some questions in a follow-up program of a Meplis Care Monitor Customer or by reading content and completing a survey on a Meplis Campus Customer website or Mobile application using our system, the Data Controller of that information is the organization which asked those questions, we only facilitate these processes. The organization which is the Data Controller of your information in our services is referred as “Tenant”.
Our Privacy Policy explains:
- What information we collect, why we collect it and how long your data are kept;
- How we use that information;
- How we protect your information;
- The choices we offer you to manage your data, including how to access and update, and how to request a copy or the deletion of all your data;
We’ve tried to keep it as simple as possible, but if you’re not familiar with terms like cookies, IP addresses, pixel tags, and browsers, then read about these key terms first. Your privacy matters to Meplis, so whether you are new to Meplis or a long-time user, please do take your time to get to know our practices – and if you have any questions contact us.
We collect information to provide better services to all of our users – from figuring out basic topics like which language you speak and where you are from, to more complex matters, like your gender.
We do not collect any personal data when you are not signed in with a Meplis Account
We only collect performance data that will help us to better understand how our services are being used and to do possible optimizations in products or design. For these ends, we use a variety of tools, including Google Analytics and Linkedin LMS Analytics.
The information we collect when you are signed in to Meplis System, in addition to the information we obtain about you from partners, will be associated with your Meplis Account and all these data is treated as personal information. For more details about how you can access, manage or delete information that is associated with your Meplis Account, visit the Transparency and choice section of this policy.
All our services require you to sign up for a Meplis Account. In the sign-up form, we’ll ask for some personal information, such as your name, email address or telephone number. You can also choose to add other profile information to your account, like your birthday, bio or photo. Meplis is the Data Controller for those data.
We also collect information that you provide when using our services. These data are things like surveys, exams, contents you read, information you share on Meplis Campus, and all the text and media data provided when answering the follow-up programs on Meplis Care Monitor. Although Meplis is only a data processor in those situations. We ensure that each Tenant provides a privacy policy.
We collect information about the services that you use and how you use them, like when you watch a course on Meplis Campus, visit a website that uses Meplis Account, or when you view and interact with our content. This information includes:
When you use Meplis Services, we collect device-specific informations, such as:
- hardware model;
- operation system version and browser version;
- application version;
- crash data;
- unique identifiers;
- browser language;
- device settings.
As with most technology services delivered over the Internet, our servers automatically collect information when you access or use our Services and record it in log files. These log data may include the Internet Protocol address, the address of the web page visited or api resource requested, date and time when the resource was accessed and browser type.
When you use Meplis services, we may collect and process information about your actual location. We use various technologies to determine location, including Internet Protocol address and Global Positioning System (GPS).
COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies (Local Storage, Session Storage, Cache Storage, Databases and Web SQL) in our services. You can also configure your browser to block all cookies from a specific domain or all domains, but remember, that our services rely on these technologies to function properly, for things like remembering your preferences and others.
Our websites and services may also include tracking technologies of third parties, those may uses cookies and similar technologies, which may collect some performance data, that help us to better understand how our services are being used, possible products and design optimization, for that we use a variety of tools to do this, including Google Analytics and Linkedin LMS Analytics.
We use the information we collect from all our services to deliver our services, like delivery of content (such as images, videos and others) in the quickest way possible, engage in a health community using Meplis Campus, delivery of blended content on Meplis Campus, enroll in a care coordination process.
Your information also helps us to ensure that our services are working properly, such as tracking outages or troubleshooting issues reported to us. Our systems are also being monitored all the time, looking for possible problems or issues that can bother your experience and if we find something wrong, that collected information allows us to fix it as quick as possible. These informations also allow us to create new features and improvements in our systems to deliver the best experience to you, as an example understand why some tasks take so long and simplify some process and make our products better for everyone.
We also use your information to optimize your experience using our services, as an example; based on your location we can redirect you to the nearest server and define which video or image format we will stream to you based on your connection quality and your device/operating system, reducing the waiting time.
We may use the information you provide for your Meplis Profile across all of the services we offer that require a Meplis Account, once you agree on that. In addition, we may replace past names associated with your Meplis Account so that you are represented consistently across all our services.
When you contact Meplis, we keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.
Our Tenants may use the collected information to provided personalized content or education, support you in a health treatment, support you in preventive health monitoring, guide you in a health treatment. As previously described, in that situation Meplis acts as a Data Processor. However, we only will share your information or allow you to send information to one of your tenant after you have agreed with their privacy policy. We work to ensure that all our Tenants have a proper privacy policy that clearly describes how they use your information.
DATA RETENTION
Each information type we collect has a specific retention policy. Some data are deleted automatically based on a predetermined period of time and some are stored for an undetermined period of time, you can ask for their deletion when you find necessary.
We will keep your Meplis Account data until you choose to remove it. Once you decide to remove your Meplis Account all your informations related to any of ours Tenants will be also removed, those Tenants who acts are Data Controller of your information will be notified about your decision and they will have the possibility to keep an anonymous version.
In some cases, rather than provide a way to delete data, these data are stored for a predetermined period of time.
- Crash data – 60 days
- Tracking information – 26 months
- Cookie information – 12 months
Some of this information may be anonymized after this period and kept for as long as necessary for the purposes described in this Privacy Policy.
There are business and legal requirements that oblige us to retain certain information, for specific purposes, for an extended period of time reasons we might retain data for longer periods of time include:
- Ensuring the continuity of our services
- For Compliance with legal or regulatory requirements
- Security, fraud or abuse prevention
- Financial record
Meplis as Data Processor stores the data your provide to our Tenants to ensure the continuity of our services. These data will be retained as long as the Tenant is a Meplis Customer or if you request its deletion as mentioned previously. The Tenant, a Meplis Customer, keeps all information stored, based on his privacy Policy.
If the Tenant to whom you provide information cancels his contract with Meplis, we will retain these data for 90 days. During this period you will be in control of your information and may decide if you want to keep it linked with your Meplis Account. After this period and if the Tenant does not restore his contract with us, all this information will be deleted
We will never share your personal information with any other organization, individuals or companies, excluding the following situations:
WITH YOUR CONSENT
We will share your personal information with other organizations, individuals or companies with your consent, as an example when you enroll in a Care Monitor or Campus we will share your Meplis Account data with the Tenant. However before sharing this information, you will need to accept the Tenant’s Privacy Policy.
WITH THIRD PARTY SERVICE PROVIDERS AND PARTNERS
We may engage third party companies as service providers, business partners and affiliates to process information and support our business. This includes, virtual computing, storage services and customer support. These Third parties will process information based on our instructions, following our privacy policy and any other security and confidentiality measures.
WITH LEGAL ENTITIES
We will share personal information with companies, organizations or individuals outside of Meplis if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Service, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of Meplis, our users or the public as required or permitted by law.
We may share non-personally identifiable information publicly and with our partners – like publishers, organizations and companies or connected sites. For example, we may share information publicly to show trends about the general use of our services.
If Meplis is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.
We work hard to protect Meplis and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:
- All information is encrypted while in transit to keep your data safe
- All information is encrypted at rest
- We offer you two step verification when you access your Meplis Account.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We restrict access to personal information to Meplis employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
If we detect any risk or strange activities that we think you should know about, you will be notified and we will guide you through steps to stay protected.
AGE LIMITATION
To the extent prohibited by applicable law, we do not allow use of our services by anyone younger than 18 years old without the consent of his legal guardians. If you know about anyone younger than 18 who has unlawfully provided us with personal data, please contact us and we will take the legal actions to delete this information.
DATA PROTECTION OFFICER
Meplis acts as a data controller for your Meplis Account data, as mentioned previously. Although we have no strict legal requirement to define a Data Protection Officer, due to the type and sensitivity and scale of data we control for your, we have chosen to do so anyway. You can contact our Data Privacy Officer at any time through the following channels;
Meplis Data Protection Officer
dpo@meplis.com
+32 16 225513
In case you have a question related to privacy of your data controlled by a Meplis Tenant, as explained above, please get in touch with the Data Privacy Officer as mentioned in the Tenant Privacy Policy.
RIGHT TO BE FORGOTTEN
You have the right to have all your information deleted, based on your request.
As we have mentioned before, all that you provided to Meplis as a processor is responsibility of one of our Tenants. If you have used a Meplis service and gave information to one of our tenants you have the right to delete this information.You can do that directly on our Tenant website, by requesting this from the Tenant or by managing your Meplis Account.
If you request to delete any personal information that you gave to one of our Tenants, we will inform them about your decision and answer you in up to 10 business days about what will be done. These 10 days are needed for our Tenants to contact you. After this period of time if you do not change your mind, your request will be processed and your personal data will be deleted respecting the legal time period.
DELETE YOUR MEPLIS ACCOUNT
To delete your entire Meplis Account, you can do this by visiting My Meplis Account. Once you delete your Meplis Account all information that you gave to any of our Tenants will also be deleted.
UNDESIRED EMAILS
As previously described, Meplis is not the Data Controller for data your provide through our Services to one of our Tenants, if you are receiving undesired emails, you can always unsubscribe using this option present in all emails sent using our Meplis Platform. If you have some doubts or still being contacted by one of our Tenants, please contact us and we will be pleased to help you.
EXCEPTIONS
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems).
We will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
DATA PORTABILITY
You can always request a copy of your information if you want to back-up or use it with a another service provider. You should perform that action on My Meplis Account and it will be exported respecting the legal time period.
DATA TRANSFERS
Meplis only transfers personal data outside of the European Economic area (“EEA”) if and when required by the third party service providers, third party technology providers, Meplis partners, as required for each such party’s specific task. Your personal information may be stored and processed in any country where we have facilities or service providers, and by using our Service or by providing consent to us (where required by law), you agree to the transfer of information to countries outside of your country of residence, including to the United States, which may provide for different data protection rules than in your country. Appropriate contractual and other measures are in place to protect personal information when it is transferred to our affiliates or third parties in other countries.
Some non-European Economic Area (EEA) countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here. For transfers from the EEA to countries not considered adequate by the European Commission, we have ensured that adequate measures are in place, including by ensuring that the recipient is bound by EU Standard Contractual Clauses, EU-US Privacy Shield Certification, to protect your Personal Information. You may obtain a copy of these measures by contacting our data protection officer in accordance with the “Contacting Us” section below.
TRANSPARENCY AND CHOICE
People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. For example, you can:
- Review and control certain types of information tied to your Meplis Account by using Meplis Dashboard.
- Adjust how the Profile associated with your Meplis Account appears to others.
- Control who you share information with through your Meplis Account.
- Take information associated with your Meplis Account out of many of our services
Whenever you use our services, we aim to provide you with access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems).
Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction.
WHEN THIS PRIVACY POLICY APPLIES
Our Privacy Policy applies to all of the services offered by Meplis N.V. and its affiliates, services Meplis provides on mobile devices, and services offered on other sites but excludes services that have separate privacy policies that do not incorporate this Privacy Policy.
Our Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you in search results, sites that may include Meplis services, or other sites linked from our services. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our services, and who may use cookies and other technologies to serve and offer relevant content.
COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES
We regularly review our compliance with our Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
Meplis NV, located at Diestsesteenweg 31, Linden, Vlaams-Brabant 3210, Belgium is the company responsible for collection, use, and disclosure of personal information under this Privacy Policy.
If you have any questions about this Privacy Policy, please contact us via sending an e mail to contact@meplis.com , or please write to the following address:
Meplis NV
Diestsesteenweg 31
Linden
Vlaams-Brabant
3210
Belgium
LODGING A COMPLAINT WITH A REGULATOR
You may lodge a complaint with a supervisory authority competent for your country or region. Please click here for contact information for such authorities
CHANGES
Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.
We keep your personal information private and safe — and put you in control.
INFRASTRUCTURE SUBPROCESSORS
We may use the following subprocessors to host your data or provide other infrastructure that helps with delivery of our Services:
Company |
Activity |
Country |
Amazon Web Services Inc. |
Cloud Service Provider |
United States |
OTHER SUBPROCESSORS
We may use the following subprocessors to perform other Service functions:
Company |
Activity |
Country |
Avenue 81 Inc |
Cloud-based customer notification |
United Kingdom |
Drift.com Inc |
Cloud-based customer communcation |
United States |
Stripe Inc |
Cloud-based payment service |
United States |
Zoho Corporation |
Cloud-based customer relationship management |
India |
Salesforce.com Inc. |
Cloud-based customer relationship management |
United States |
AFFILIATES
Depending on the geographic location of a Customer or their Authorized Users, and the nature of the Services provided, we may also engage one or more of the following Affiliates as Subprocessors to deliver some or all of the Services provided.
Company |
Country |
Meplis Brasil Inteligência em Saúde Ltda. |
Brazil |