Medlens Ltd. (hereinafter “Medlens”, “we” or “us”) cares deeply about the privacy of its visitors and users, and is fully committed to protect their personal information and use it properly in compliance with data privacy laws. Our analytics service, designed and built with privacy in mind. It is a tool to help its users understand their ROI spend and track the best campaigns, without identifying individuals.
This policy describes how we may collect and use personal information, and the rights and choices available to our user who is a registered user, visits this website, or uses our Services (“User”)or visitors of User’s website or platforms whose data is collected by the User (“Visitors”).
We strongly urge you to read this policy and make sure you fully understand it, before you access or use any of our services.
1. PLEASE READ CAREFULLY!
2. Medlens’s SERVICES
Our Services are designed to enable you to learn more about your Visitors, use your website or product by giving you the ability to collect information based on their interaction. Medlens does this in part using a first party cookie placed on your Visitors’ device from your server. Some information is automatically collected from or about your Visitors when you use our Services. If you integrate the Medlens tracking code in your product or website it may by default collect Visitors data including but not limited to: the time of an event, the elements a Visitor has interacted with, metadata and other details about these elements, how a Visitor came to your site.
We collect, store, and use your Visitor data on our servers to provide you with the ability to better maintain and improve your Services. We may also use data in an aggregated form for our own purposes.
3. WHAT DO WE COLLECT AND RECEIVE?
We collect and receive such information regarding our Users, our Users’ Visitors, and anyone else who may provide it to us.
We collect and receive two types of information regarding our Users and Visitors:
- Un-identified and non-identifiable information pertaining to a Visitor or un-identified User, which may be made available to us, or collected automatically via his/her use of the Services (“Non-personal Information”). Such Non-personal Information does not enable us to identify the Visitor or User from whom it was collected or received. The Non-personal Information collected by us mainly consists of technical and aggregated usage information, such as the website the Visitor or User came from, Visitors’ and Users’ browsing activity on the Services, non-identifying information regarding the Visitor’s or User’s device, internet browser, the browser’s timezone, the country browsed from, referring/exit pages, date/time stamps, etc.
- Individually identifiable information, namely information that identifies an individual or may with reasonable efforts cause the identification of an individual, or may be of private or sensitive nature (“Personal Information”). Such information will just be collected once a User registers to receive the Medlens Services. The Personal Information collected by us mainly consists of contact details, such as the email address, and the website, which are only collected from Users, details regarding connected third party accounts (such as the e-mail or username for a connected Google or Facebook account), correspondences (including those made through or uploaded to our Services), and any other Personal Information provided to us by Visitors and/or Users through their access to and/or use of the Services.
3.1 Medlens Users
In order to receive the Services, Users will be required to register and provide us with certain data, including personal data such as their email address, and their website, as well as technical data referring to their usage of our Services, their internet connection, devices, systems and software used to access and use our Services.
It is each User’s voluntary decision whether to provide us with any such personal data, but refusal to provide any required data may result in us not being able to register the User and enable them to receive our Services as such data is necessary for us to provide the Services.
3.2 Users and their Visitors
The Users use our Services to track and analyze the characteristics and activities of their Visitors, and for such purpose connect Medlens’s tracking code with their site to collect and store certain data regarding their Visitors. Such data collected is only un-identified and non-identifiable information about which channel a visitor came from, which platform and browser is being used, the visitor’s behavior on the site, including button clicks and page visits and other non-identifiable information. Our Users may use our services to collect and analyze the data parameters provided.
Once such data parameters are collected, they enable us to provide the Services to our Users and enable the Users to analyze their website and online performance, as well as their Visitors’ habits and characteristics.
The same applies for un-registered Users to the Medlens website. We may collect the channel you came from, your browsing behavior, the platform you are browsing from and other Non-identifiable information.
We process this data to facilitate your access to our Services, such as to adjust our Services to the device you are using, and to recognize and stop any misuse. We also process usage data in anonymized form for statistical purposes and to improve our site.
3.3 Third Party Integrations
We may use the information we collect or receive through the Service, as a data processor, to enable your use of the integrations and plugins you choose to connect to your Medlens account. For instance, if you choose to connect Google to your Medlens account, we are able to access the Google Analytics account through Google API in a read-only method. In order to allow you to select the Google Analytics account to which you would like to export Medlens events, we fetch the account and web properties list. Medlens stores this Google Analytics account list to enable easy setup of exporting events from Medlens. We do not share any user data, especially not any data from the accounts or web properties list. The data collected is only accessible to you in your Medlens ecosystem.
You may choose to connect your Facebook or other social media account to Medlens to receive analytics about the use of social media interaction of your Visitors. In this case, you as a data controller, must read the policies of such social media platforms, and define legal bases for the processing of personal data. In some cases, you may be joint controllers with the social media platforms.
4. HOW DO WE COLLECT INFORMATION?
4.1 Information through your use of our Services
We collect information through your use of our Services. When you visit or use our Services, including when you browse the Website, register a User Account, and use the Platform, we will usually gather and collect such uses, sessions and related information, either independently or with the help of third-party services as detailed below, including through the use of “cookies” and other tracking technologies. We also collect and store information of your Visitors provided by you when adding your Medlens Tracking Code to your Site as our Service to you.
4.2 Information Provided by You Voluntarily
We collect information which you provide us voluntarily. For example, we collect the Personal Information you provide us when you register to our Services; when you sign in to our Services via third party services such as Facebook or Google; when you place purchases and/or register domain names; when you submit or upload such Personal Information as you use any of our Services; and/or when you contact us directly by any communication channel (e.g., Medlens’s chat support, emails).
You may deactivate your Medlens account and/or unsubscribe from receiving content or offers from us at any time. Following termination of your account, we may retain your personal data (in part or in whole) in order to be able to address customer service issues. At any point, you can request us to delete all your personal data.
On our website, you have the opportunity to contact us to ask us questions, for example via the in-app chat. We use this data solely in connection with answering the queries we receive.
If you receive emails from us, we may use certain analytics tools, to capture data such as when you open our email or click on any links or banners our email contains. This data helps us to gauge the effectiveness of our communications and marketing campaigns that are our legitimate interests.
We also collect information from third party sources as described below.
5. WHY DO WE COLLECT SUCH INFORMATION?
We collect such Non-personal and Personal Information for the following purposes:
- To provide and operate the Services;
- To further develop, customize and improve our Services, based on Visitors’ and Users’ common or personal preferences, experiences and difficulties;
- To provide our Users with ongoing customer assistance and technical support;
- To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;
- To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we may use to provide and improve our respective services;
- To enhance our data security and fraud prevention capabilities; and
- To comply with any applicable laws and regulations.
We will only use your Personal Information when we are satisfied that our use of your Personal Information is necessary to:
- perform a contract or take steps to enter into a contract with you (e.g. to provide you with our customer assistance and technical support), or
- comply with a relevant legal or regulatory obligation that we have, (provided that Medlens will endeavor to notify you if Medlens has received a lawful request for your information);
- protect the personal safety of any person; and for the purposes of a business deal (or negotiation of a business deal) involving sale or transfer of all or a part of our business or assets (business deals may include, for example, any merger, financing, acquisition, divestiture, or bankruptcy transaction or proceeding); or
- our use of your Personal Information is necessary to support legitimate interests that we have as a business (for example, to maintain and improve our Services by identifying user trends and the effectiveness of Medlens’s campaigns and identifying technical issues), provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights.
We also collect and use information in order to contact our visitors, and users, and in order to comply with the laws applicable to us.
Where you have provided consent, you may withdraw it at any time, without affecting the lawfulness of the processing that was carried out prior to withdrawing it.
6. HOW DO WE PROTECT YOUR INFORMATION?
Data collected using our Services belongs to you and is stored electronically in world-renowned data centers of Amazon Web Services. As the data controller, you are the only one with direct access to your data, which can never be used by any third party for any other purpose other than for that which you agreed.
As a result of Schrems II decision we provide additional measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data in case if we transfer personal data to the USA and other non-EU/EEA jurisdictions such as pseudonymisation and encryption.
Our security practices are based on industry-leading standards. Our security framework includes policies and procedures, asset management, access management, physical security, people security, product security, cloud and network infrastructure security, third-party security, vulnerability management, security monitoring, and incident response.
We never sell personal data and we carry out all processing operations in compliance with the EU General Data Protection Regulation (“GDPR”). Read more about Medlens and the GDPR here.
We may disclose personal data in our possession if we are required to do so by law, such as to comply with a subpoena or search warrant, governmental order, or similar legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect the data subject’s safety or the safety of others, to protect Medlens’s legitimate interests, or to investigate fraud or other threats.
If you have questions or need more detailed explanations on security topics, feel free to contact us via firstname.lastname@example.org.
7. YOUR DATA PROTECTION RIGHTS
You can exercise the following rights by contacting us.
You have the right to access information about you, especially:
- the categories of data;
- the purposes of data processing;
- third parties to whom the data disclosed;
- how long the data will be retained and the criteria used to determine that period;
- other rights regarding the use of your data.
The right to access information may be performed only by you or your legal representative. In case if you request the right to access information via a legal representative, you have to provide proof of whether such a person may represent you.
You have the right to make us correct any inaccurate personal data about you.
You can object to using your personal data for profiling you or making automated decisions about you. We may use your data to determine whether we should let you know the information that might be relevant to you.
You have the right to restrict processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.
You have the right to the data portability of your data to another service or website. We will give you a copy of your data in a readable format so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.
You have the right to be “forgotten”. You may ask to erase any personal data about you if it is no longer necessary for us to store the data or in other certain circumstances. We will also deactivate your account. Please, note, that we cannot restore permanently deleted accounts or personal data.
You have the right to lodge a complaint regarding the use of your data by us. You can address a complaint to your national regulator (the list of some regulators is accessible via https://edpb.europa.eu/about-edpb/board/members_en.
Once we receive any of your requests we will consider and decide on it within one month unless there is a justified requirement to provide such information faster. This term may be extended according to the applicable law.
We may request specific information from you to confirm your identity when necessary and reasonable. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
You do not need to pay a fee to access information or other rights but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or refuse to comply with your request in these circumstances.
8. WHERE DO WE STORE YOUR INFORMATION?
Note: We process and store all data in world-renowned data centers on the Amazon Web Services infrastructure, which use state-of-the-art multilayer access, alerting, and auditing measures. Our database servers run inside an Amazon Virtual Private Cloud, which is only accessible from the application servers and no outside sources are allowed to connect to the database.
At Medlens, we strive to implement the highest level of security processes and practices across all business units.
Medlens Ltd. is based in Israel, which is considered by the European Commission to be offering an adequate level of protection for the Personal Information of EU/EEA Member State residents.
Our security practices are based on industry-leading standards. Our security framework includes policies and procedures, asset management, access management, physical security, people security, product security, third-party security, vulnerability management, and incident response.
Medlens Medlens Users’ and Visitors of Users’ Personal Information may be maintained, processed and stored by Medlens and our authorized affiliates and service providers of Amazon AWS’ industry-leading, high security servers in the United States of America, and in other jurisdictions as necessary for the proper delivery of our Services and/or as may be required by law. For further information, please visit Amazon S3, Amazon EC2, and Amazon Relational Database Service (RDS).
Medlens service providers that store or process your Personal Information on Medlens’s behalf are each contractually committed to keep it protected and secured, in accordance with industry standards and regardless of any lesser legal requirements which may apply in their jurisdiction.
Upon request we will provide you with information about whether we hold any of your Personal Information. You may access, correct, or request deletion of your Personal Information by reaching out to email@example.com. We will respond to your request within a timeframe imposed by local laws or a reasonable timeframe.
If you have questions or need more detailed explanations on security topics, feel free to contact us at firstname.lastname@example.org.
9. VISITORS OF USERS’ INFORMATION
Medlens’s Users use our the Services to track and analyze the characteristics and activities of their Visitors. For this purpose, Medlens may collect, store and process Personal Information and Non-personal Information, including IP addresses and any interaction of a Visitor on a User’s website.
For such purposes, Medlens serves and shall be considered as a “Processor” and not as the “Controller” (as both such capitalized terms are defined in the European Union General Data Protection Regulation) of such Visitors of Users Information. The Users controlling and operating such User websites shall be considered as the “Controllers” of such Visitors, and are responsible for complying with all laws and regulations that may apply to the collection and control of such Visitors of Users Information, including all privacy and data protection laws of all relevant jurisdictions.
Medlens cannot provide legal advice to Users or their Visitors, however we do recommend that all Users publish and maintain clear and comprehensive privacy policies on their User Websites, in accordance with the applicable laws and regulations, and that all Visitors of Users carefully read those policies and make sure that they are informed about such policies.
If you are a Visitor of any of our Users, please read the following: Medlens has no direct relationship with the individual Visitors of Users whose information it processes. If you are a Visitor of any of our Users, and would like to make any requests or queries regarding your information, please contact such User(s) directly.
10. COOKIES AND OTHER TRACKING TECHNOLOGIES
Medlens is designed to enable you to learn more about your Visitors use of your website or product by giving you the ability to collect information based on their interaction. Medlens together with its marketing, analytics and technology partners, uses certain monitoring and tracking technologies (such as cookies, beacons, pixels, tags and scripts). These technologies are used in order to maintain, provide and improve our Services on an ongoing basis, and in order to provide our Users and their Visitors with a better experience. For example, thanks to these technologies, we are able to maintain and keep track of Visitors’ and Users’ preferences, to better secure our Services, to identify technical issues, user trends, and to monitor and improve the overall performance of our Services.
Please note that third-party services placing cookies or utilizing other tracking technologies through our Services may have their own policies regarding how they collect and store information.
E-Tag is a technology that is part of the standard HTTP protocol that allows our website to validate temporary storage (cache) of our pages and images. This ensures that you are viewing the latest version of our website since your last visit.
Web browser’s local storage are used to store content information and preferences.
Beacons are clear graphic image(s) of 1×1 pixel that are delivered through a web browser usually as part of a webpage request. Web beacons operate as a tag that records an end users visit to a particular webpage.
11. SHARING PERSONAL INFORMATION WITH THIRD PARTIES
We may share your Personal Information with third parties (or otherwise allow them access to it) only in the following manners and instances:
11.1 Third Party Services
Medlens has partnered with a few carefully selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server co-location services, data and cyber security services, billing and payment processing services, and email distribution and monitoring services (collectively, “Third Party Service(s)”).
Such Third Party Services may receive Visitors’ and Users’ Information, in its entirety or in part – depending on each of their particular roles and purposes in facilitating and enhancing our Services and business, and may only use it for such purposes.
11.2. Law Enforcement, Legal Requests and Duties
Where permitted by local data protection laws, Medlens may disclose or otherwise allow others access to your information pursuant to a legal request, such as a subpoena, legal proceedings, search warrant or court order, or in compliance with applicable laws, if we have good faith belief that the law requires us to do so, with or without notice to you.
11.3. Protecting Rights and Safety
We may share your Personal Information with others if we believe in good faith that this will help protect the rights, property or personal safety of Medlens, any of our Users, any Visitor, or any member of the general public, with or without notice to you.
12. COMMUNICATIONS FROM Medlens
You may choose to stop receiving any emails from us, including weekly Insights from your website, feature updates or marketing emails by following the unsubscribe instructions included in these emails, or you can contact us at email@example.com.
We may also send you service related non-promotional email announcements on rare occasions when it is necessary to do so, for example, during provision of maintenance services, or as a reply to inquiries initiated by you.
13. DATA RETENTION
We retain personal data concerning Visitors for as long as the applicable User account is active, or as otherwise instructed by such User, Visitor or any partner that has provided us with such data, or otherwise to the extent authorized under applicable law. We may adopt shorter retention periods to the extent required or authorized by our Users, or in accordance with common practices and legal requirements. We may also retain and use personal data as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, and to protect our or others’ legal rights and legitimate interests.
We retain Users’ personal data in accordance with the purposes, requirements and legal basis for which such data was provided or made available to us or utilized by us in accordance with applicable law. For example, we retain our Users’ contact details as reasonably necessary for the purposes of maintaining our engagements and performing, improving and promoting our Services and relationships with our Users.
15. COMMENTS AND QUESTIONS
If you have any comments or questions about our privacy practices, please contact us at firstname.lastname@example.org.