By using Medrefund services, our websites, our social media pages, our dedicated telephone lines, functions and any other Medrefund service, you are acknowledging that we are processing your personal information and, where necessary consenting to such practices, as outlined in this statement.
Personal information which we collect
We collect personal information about you (and others if their personal information is provided by you) when you:
(a) request information on treatment possibilities;
(b) request information on available treatment;
(c) request information on reimbursement possibilities for treatment abroad (before treatment received and after treatment received);
(d) request booking with our partner healthcare providers;
The personal information collected in the above manner may include the following about you (and others if their personal information is provided by you):
(a) full name;
(b) confirmation of address and;
(c) email address;
(d) telephone number;
(e) payment details;
(f) medical report and treatment history;
(g) disability and health information;
(h) identification information (such as passports, drivers’ licences or national identity cards).
Personal information provided by third parties
We may receive information about you from other sources (such as the Mail Preference Service), which we will add to the information we already hold about you in order to help us provide our products and services in accordance with your requirements and to ensure that the quality of data we have on your account(s) is maintained properly. We may also obtain information about you from social media providers such as Twitter and Facebook or from third party websites where you have left commentary or feedback about us.
How we use your information
We will collect personal information:
1) in order to answer your question you have raised on our website, in email, by phone on on our social media account:
(a) Personal data – Name, email, address, phone number, date of birth;
(b) Medical records – diagnose, planed medical treatment, medical treatment received, location of planed, location of received medical treatment, provider of medical treatment, and proof of payment for medical service.
- in order to take the necessary steps in preparation of, or to fulfil our obligations under, a agreement contract:(a) Personal data – Name, email, address, phone number, date of birth;(b) Medical records – diagnose, planed medical treatment, medical treatment received, location of planed, location of received medical treatment, provider of medical treatment, and proof of payment for medical service;(c) Personal identification data – gender, NHS number or NSHB or CHI number, NIN, GP name, GP address;
- with your consent:a) Maintain records indicating your consent to status – to ensure we accurately reflect your wishes when communicating to you.
- in our legitimate interest* to protect against fraud:
a) Website improvement and fraud prevention – improve our websites, prevent or detect fraud or abuses of our websites and enable third parties to carry out technical, logistical or other functions on our behalf;
b) Security – carry out security checks when allowing you access to our services and to block fraudulent or suspected fraudulent activity.
- in order to meet our legal obligations:
a) Taxation – ensure we meet our tax and other regulatory obligations;
b) Registration – ensure local jurisdiction regulations are complied with (where registration is necessary in such jurisdictions).
* any reliance on legitimate interest shall not prejudice your interest or fundamental rights and freedoms.
How long we will keep your personal information
We retain your information for a range of purposes which determine the period of time for which we need to keep such information. Your data may be kept longer in order to reflect your wishes when communicating to you.
Our approach to information security
To protect your information, Medrefund has procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner and all systems that can access the information have proportionate and reasonable security measures in place. To achieve this, employees, contractors, sub-contractors and third party suppliers have contracts, with defined roles and responsibilities.
While we take commercially reasonable measures to ensure the safety and security of your data, due to the inherent risks with the Internet, we are unable to warranty the absolute security of your data when using our services.
In order to process any of the requests listed below, we may need to verify your identity for your security. In such cases your response will be necessary for you to exercise this right.
The right to access information we hold about you
At any point you can contact us to request details concerning the information we hold about you, why we have that information, who has access to the information and where we got the information. In most cases you may be entitled to copies of the information we hold concerning you. Once we have received your request we will respond within 30 days.
The right to correct and update the information we hold about you
If the data we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated.
The right to have your information erased
If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted.
The right to object to processing of your data
You have the right to request that Medrefund stops processing your data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your data to comply with your other rights.
The right to data portability
You have the right to request that we transfer your data to another controller. Once we have received your request, we will comply where it is feasible to do so.
The right to object to automated decision making / profiling
You have the right to request that we stop profiling you in relation to our direct marketing practice. You can inform us and we will deal with your request accordingly.
The right to complain
You can make a complaint to us by contacting us via info(at)medrefund.co.uk or to the data protection supervisory authority – in the UK, this is the Information Commissioner’s Office, at https://ico.org.uk/.
Sharing your information
The information and data we collect is important for Medrefund and we understand that you care about the use and storage of your personal information we value your trust in allowing us to do this. We would not want to share this with anyone else unless we have your express consent, we will never disclose your personal information to any third parties for their marketing purposes.
Your data might be shared by third party in order to full fill agreement or answer your questions.
Analysis tools and social media
This website uses functions of the Google Analytics Web analysis service. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043.
We have enabled the IP anonymization function on this website. This means that your IP address will be abbreviated by Google within European Union member states or in other states party to the Agreement on the European Economic Area prior to being sent to the U.S. Full IP addresses will be sent to a Google server in the U.S. and abbreviated there only in exceptional cases. Google will use this information on behalf of the operator of this website to assess your use of the website and compile reports on website activities and provide other services for the website operator that are associated with use of the website and of the Internet. Google will not combine IP addresses sent from your browser in the context of Google Analytics with other data.
You can prevent cookies from being saved by configuring your browser software settings accordingly; we would like to point out, however, that doing so may mean you are not able to use all the functions of this website in full. Moreover, you can prevent the collection of data generated by cookies to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at this link: https://tools.google.com/dlpage/gaoptout?hl=en
Opting out of data collection
You can prevent the collection of your data by Google Analytics by clicking the link below. An opt-out cookie will be set, which prevents the collection of your data during subsequent visits to this website: Disable Google Analytics
More information about how Google Analytics handles user data can be found in the Google data privacy statement: https://support.google.com/analytics/answer/6004245?hl=en
Contract data processing
Demographic features with Google Analytics
This website uses the Google Analytics ‘demographic features’ function. It can be used to produce reports containing information about the age, gender, and interests of visitors to the website.
This data originates from interest-based Google advertising as well as from visitor data belonging to third-party providers. This data cannot be assigned to specific people. You can disable this function at any time via the display settings in your Google account or generally opt out of data collection by Google Analytics as explained in the ‘Opting out of data collection’ section.
Google Analytics Remarketing
Our websites use Google Analytics Remarketing functions in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043.
This function makes it possible to link the target advertising groups created using Google Analytics Remarketing to the cross-device functions of Google AdWords and Google DoubleClick. Thus, interest-based, personalized advertising messages, which have been tailored to you depending on your previous usage and surfing behaviour on an end device (mobile phone, for example) are also displayed on another of your end devices (tablet or PC, for example).
If you have given the relevant consent, Google links your Web and app browser history to your Google account for this purpose. In this way, the same personalized advertising messages can be synchronized on any end device that you log into using your Google account.
To support this function, Google Analytics collects Google authenticated user IDs, which are temporarily linked to our Google Analytics data, in order to define and create target groups for cross-device advertising campaigns.
You can turn cross-device remarketing/targeting off at any time by disabling personalized ads in your Google account; follow the link below to do this:
Collected data is centralized in your Google account based solely on your consent, which you can give to Google or withdraw (Section 6 (1) a) GDPR (General Data Protection Regulation)). In the case of data collection procedures that are not integrated into your Google account (because you don’t have a Google account or have opted out of integration, for example), data is collected based on Section 6 (1) f) GDPR (General Data Protection Regulation). Legitimate interest means that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes.
Google AdWords and Google conversion tracking
This website uses Google AdWords. AdWords is an online advertising service developed by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (‘Google’).
We use conversion tracking in the context of Google AdWords. A conversion tracking cookie is set if you click an ad delivered by Google. Cookies are small text files which are stored by Internet browsers on a user’s computer. These cookies cease to be valid after 30 days and are not used to identify users. If a user visits certain pages of this website and a cookie has not yet expired, we and Google are able to identify that the user has clicked an ad and been redirected to the respective page.
Every Google AdWords customer receives a different cookie. Cookies cannot be tracked via the websites of AdWords customers. Information obtained with the help of conversion cookies is used to produce conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the overall number of users who have clicked their ad and been redirected to a page with a conversion tracking tag. However, you will not receive any information allowing you to identify users. If you wish to opt out of tracking, you can do so easily by disabling the Google conversion tracking cookie in your Internet browser user settings. You will then not be included in conversion tracking statistics.
Conversion cookies are saved based on Article 6 (1) f) GDPR (General Data Protection Regulation). The website operator has a legitimate interest in analyzing user behavior in order to optimize both its Web offering and its advertising.
You can adjust your browser settings, so you receive notifications about cookies and only allow cookies in individual cases, refuse to accept cookies in certain cases or in general, and enable automatic deletion of cookies when closing your browser. Disabling cookies may compromise the functions of this website.
Our website uses Facebook Pixel to measure conversions from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304 (‘Facebook’).
This can be used to track the behaviour of website visitors after they have clicked a Facebook ad and been redirected to the supplier’s website. Consequently, the effectiveness of Facebook ads can be assessed for statistical and market research purposes, and future ad campaigns can be optimized.
The data collected is anonymous to us as the operator of this website; we are unable to draw any conclusions regarding the identity of users. However, the data is saved and processed by Facebook; consequently, connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Use Policy. As a result, Facebook can enable the delivery of ads both on and off Facebook pages. As the operator of our website, we are unable to influence this use of data.
You can also disable the ‘Custom Audiences’ remarketing function in Ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You need to be logged into Facebook to do this.
If you do not have a Facebook account, you can disable use-based Facebook advertising on the European Interactive Digital Advertising Alliance website: http://youronlinechoices.eu/.
Our website uses plugins from the Google-operated site YouTube. The operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066. If you visit any of our pages that have a YouTube plugin, a connection will be established with YouTube servers. Notification of which of our pages you have visited will be sent to the YouTube servers.
If you are logged into your YouTube account, YouTube allows you to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
More information about how user data is handled can be found in the YouTube data privacy statement at: https://policies.google.com/privacy?hl=de&gl=en.
Data Protection Officer
73 Shelley road
We may change this policy from time to time. You should check this policy occasionally to ensure that you are aware of the most recent version that will apply each time you access the website.