Privacy Policy

20/07/2020

You (“you” or “your”) are receiving this privacy policy because you wish to use this solution  developed by MyMedBot SARL, a société à responsabilité limitée, governed by the laws of the Grand Duchy of Luxembourg, having its registered office at 18 Beim Fussebur, L-5364 Schrassig and registered with the Luxembourg Registre de Commerce et des Sociétés under number B222512 (“MyMedBot” or “we”, “us” or “our”) at the request of the educational institution who has requested your access to this solution  (the “Educational Institution”).     

We aim to comply, to the extent applicable to MyMedBot, with the applicable requirements of the Children’s Online Privacy Protection Act (“COPPA”), the California Consumer Privacy Act (“CCPA”), the Family Educational Rights and Privacy Act (“FERPA”), the California Student Online Personal Information Protection Act (“SOPIPA”), the EU’s General Data Protection Regulation (“GDPR”), and other applicable laws.    

We take our obligations under privacy and data protection law very seriously. This privacy policy is designed to help you understand your rights about your Personal Data which may collected through this solution. By downloading, using or accessing our solution, you accept our Privacy Policy, and you consent to our collection, storage, use and disclosure of your Personal Data as described further in this privacy policy.

Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is a person who can be identified by data such as his or her name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Our solution works by collecting information on the Educational Institution’s behalf about a student, whether entered by the parent or by the student. The Educational Institution determines which data is collected and ultimately owns the data of your responses.  On the one hand, we are acting as a “processor” on behalf of the Educational Institution. This means that (i) the Educational Institution decides whether and which of your Personal Data will be collected through this solution, as well as why and how your Personal Data will be processed; and that (ii) we process such data in accordance with the instructions of the Educational Institution. We invite you to contact your Educational Institution to obtain a copy of its privacy policy and to understand your rights regarding your Personal Data collected through this solution according to the instructions of your Educational Institution.  We are not responsible for what your Educational Institution does with or how it uses your Personal Data.

On the other hand, we also collect certain general information about all the users of our solution, which may include Personal Data (“User Data”). With regard to User Data which is Personal Data (the “User Personal Data”), we act as a “controller”.

Regarding construing “you” and its variations, we rely on the context of the usage herein to differentiate between the parent and the student when relevant and sometimes specify which version to apply if we feel “you” could be construed incorrectly. “You” applies to both parent and the child (student). The default “you” is whoever is using the solution and providing consent under the terms of this privacy policy. If a student is at least 18 or in post-secondary education, the default “you” is the student.  If a student is younger than 18 and not in post-secondary education, the default “you” is the parent.

Any consents given by a parent are deemed to be the consent of the child unless the child is at least 18 or in post-secondary education. If a parent is using our solution on behalf of a child, for as long as the parent is using the solution, the parent represents and warrants that the parent has the legal authority to provide consent for and act on behalf of the child. 

You agree to indemnify, defend and hold us harmless against any misuse of the system by the child, parent, spouse or ex spouse or any legal process used where the primary reason is not related to a need to know the data we collect. 

This privacy policy is designed to help you understand which User Personal Data we collect as a “controller”, why we collect this data, how we use it and who we share it with. It also explains the rights you have in connect with the User Personal Data, including how to contact us or to make a complaint.

You agree that the Company may send periodic communication via email.  Example emails may include a welcome email, verification emails, or any other emails that are required to operate your account.

We invite you to carefully read this privacy policy, and for any further question in relation to the processing of your Personal Data or the collecting of your User Personal Data, we invite you to contact us at privacy@mymedbot.lu.

This privacy policy may change from time to time. We will inform the you and Educational Institution      of any changes by updating the privacy policy on our solution and will notify the Educational Institution by email      or through the solution about changes to the privacy policy and that Educational Institution’s continued use of the solution after an update is consent to the then-current terms. This privacy policy was last updated on 20 July 2020.

1. WHAT USER DATA DO WE COLLECT ABOUT YOU

We collect various types of User Data about you from the Educational Institution, during your use of our solution, and your voluntary provision of Personal Data on our website, including:

- basic personal and family details such as your name and your child’s name if you are reporting for them in the solution;

- contact data such as your email address and telephone number;

- information regarding your device, browser and operating system;

- usage data (e.g., date and time of access of our solution and date and time of certain actions performed on the solution); and

- basic Educational Institution data such as the student’s Educational Institution, the student’s ID number, the student’s and parent’s Educational Institution email address and the students grade number

By submitting information to the solution, you confirm that you have the right to authorize us to process it in accordance with this privacy policy.

Please note that we will not knowingly collect, use or disclose User Personal Data from a minor under the age of 18 without prior consent from a parent and/or legal guardian beyond directory level data and contact information provided by the Educational Institution to enable user onboarding.

In addition, the Educational Institution can customize the solution’s interface with you to request any information it chooses. We are not responsible for the information the Educational Institution requests or how the Educational Institution uses the information it requests or that we provide it.

In addition, the Educational Institution can customize the solution’s interface with you to request any information it chooses. We are not responsible for the information the Educational Institution requests or how the Educational Institution uses the information it requests or that we provide it.

2. RELATIONSHIP TO FERPA AND HIPAA

For the purposes of the Family Education Rights and Privacy Act (“FERPA”), the information of the students that we collect may be considered part of the student’s “education records” held by the Educational Institution as defined in 20 U.S.C. § 1232g(a)(4); 34 C.F.R. § 99.3, “Education records.”  This Privacy Policy does not affect your FERPA rights with the Educational Institution.  Nor does this Policy provide any rights under FERPA that you otherwise are not entitled to.

The Educational Institution is allowed to share information under FERPA’s “health or safety emergency” exception, wherein educational agencies and institutions may disclose to a public health agency User Personal Data from student education records, without prior written consent in connection with an emergency if the public health agency’s knowledge of the information is necessary to protect the health or safety of students or other individuals. 20 U.S.C. § 1232g(b)(1)(I); 34 C.F.R. §§ 99.31(a)(10) and 99.36.   

 

To the extent FERPA applies to your Educational Institution, parents and non-eligible students may have a right to inspect and review the student’s records and are given an opportunity to challenge or explain the content of a student’s education records.  We will work with your Educational Institution to enable it to comply with its FERPA obligations in this regard.   

To whatever extent multiple individuals have the power to consent and withdraw consent for or on behalf of a student, you represent and warrant that you have received the consent from all of these individuals and that your consent herein for Personal Data collected is irrevocable but you may stop using the solution at any time. 

As we are not knowingly collecting personal information on behalf of a “covered entity,” the collected information is not subject to the protections of the Health Insurance Portability and Accountability Act (“HIPAA”).

3. THE WAY WE COLLECT USER DATA ABOUT YOU

We may collect or receive your User Data when your account is created and when you use the solution. Some information about you comes from the Educational Institution. We do not collect information about you from third parties except third parties that we might engage to understand how you use our solution or website such as Google Analytics.

Users can subscribe to newsletters or other communications outside of our solution on our website. You may unsubscribe from these notifications any time by visiting an opt-out page at www.mymedbot.lu/optout.

We use cookies to analyze traffic, to remember your preferences, to optimize navigation and to improve our services. We may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser.  For example, we store a persistent cookie to track device information and anonymous location data.

You may use the settings within your browser to control cookies or prevent accepting some or all cookies. To find out more useful information on how to block cookies using different browsers, please visit www.allaboutcookies.org. You can block or delete all or some cookies. However, blocking or deleting cookies may limit your use of full advantages of our solution.

4. HOW WE RESPOND TO DO NOT TRACK SIGNALS

We disregard any Do Not Track requests by your browser, operating system or solution, and we do not respond to any Do Not Track Requests.

5. PURPOSES FOR USING USER PERSONAL DATA ABOUT YOU

The User Personal Data collected from you will be used exclusively for the purpose of:

- management of our users (e.g. registration, account management, answer questions and provide technical support);

 

- management and improvement of our solution;

 

- research and development purposes (analysis in order to better understand your needs and to better understand our business and develop our solution);

 

- improve and personalize your experience;  

 

- improve the quality of our solution;

 

- archiving and record keeping; and

 

- any other purposes imposed by law and authorities.

6. LEGAL BASIS FOR USING USER PERSONAL DATA ABOUT YOU

We will not use your User Personal Data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your User Personal Data in case of:

- contract performance (where your information is necessary to enter into or perform our contract with the Educational Institution);

- legal obligations (where we need to use your information to comply with our legal obligations);

- legitimate interests (where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights);

- legal claims (where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party); and

- consent (where you have consented to our use of your information).

If we learn that your Personal Data was wrongly collected by the solution, we will take steps to delete the information as soon as possible.

7. WHO DO WE SHARE YOUR USER PERSONAL DATA WITH

As noted above, the purpose of our solution is to collect information on behalf of your Educational Institution and share that information with the Educational Institution.

We will not sell, share, or otherwise transfer your User Personal Data to third parties, other than those indicated in this privacy policy.

 

In the course of our activities and for the same purposes as those listed in this privacy policy, your User Personal Data can be accessed or transferred to the following categories of recipients, on a need-to-know basis to achieve such purposes:

- your Educational Institution;

 

- our personnel;

 

- our service providers that provide services to us in the context of the solution ;

 

- our IT systems providers, cloud service providers, database providers and consultants;

 

- public health agencies and officials and other individuals or entities allowed by FERPA’s “health and safety” exception;

 

- any third party to whom we assign or novate any of our rights or obligations to; and

 

- our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets.

 

The above third parties are contractually or lawfully obliged to protect the confidentiality and security of your User Personal Data, in compliance with applicable law.

 

Your User Personal Data can also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court, where we are required to do so by applicable law or regulation or at their request.

 

The User Personal Data we collect from you may also be processed, accessed or stored in jurisdictions outside the European Economic Area that may not provide for a similar level of personal data protection. For this purpose, we rely upon your consent to transfer the data to such jurisdictions. Your consent in this respect will be requested through ticking the relevant box while accepting this privacy policy. 

8. DATA SECURITY

We encrypt your Personal Data at rest on our cloud storage services and back up the data periodically. Our personnel retain access to your Personal Data for IT and customer support purposes. 

9. THIRD PARTIES

We use various third party service providers to provide optimal website and solution functionality to you and our business operations. These third-party technology service providers have their own privacy policies addressing how they use such information. Not all of these third parties touch your Personal Data in every situation. While we take care in choosing our service providers with our users in mind, we cannot be responsible for the actions of these third parties except to the extent required by law. Below are some examples with links to their privacy policies.

We use the Expo Platform with our solution development.  You can find out more about their privacy at https://expo.io/privacy-explained and https://expo.io/privacy

 

We use Heroku, a Salesforce company, for our database development.  You can find out more about their privacy policies at https://www.heroku.com/policy/security and https://www.salesforce.com/company/privacy/.

 

We use cloud storage and analytics services from Amazon Web Services.  You can find out more about Amazon’s privacy policy here. https://aws.amazon.com/privacy/

 

In addition, we use third party website visitor tracking services such as Google Analytics, that collect, monitor and analyze this type of information in order to increase our solution’s or website’s functionality.

We use Google Analytics to track, analyze, monitor and report on solution and web site traffic. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page at http://www.google.com/intl/en/policies/privacy/.  Any information regarding opting out of Google Analytics tracking will be located at https://tools.google.com/dlpage/gaoptout

We use website development tools like Wix and related Wix solutions.  Use of our website and entering information into our “contact us” and “subscription” forms go through the Wix platform where they store traffic data. You can find out more about Wix’s privacy policy at  https://www.wix.com/about/privacy.

We use tools to manage our off-solution communications with our customers, potential customers and other third parties through a mailing list and customer relationship management platforms freshsales, freshdesk and freshcaller. You can find their privacy policy at: https://support.freshsales.io/support/solutions/articles/233227-privacy-policy.

 

We may use a reputable third party crash reporting tool. As noted above, we compile Website usage statistics from data collected through cookies. We may publish those statistics or share them with third-party technology service providers, but they don’t include personal data.

We are not responsible for the conduct of Google, Amazon, Heroku, Salesforce, Expo, Wix, freshsales, freshdesk, freshcaller or any other third parties we may use.  As noted above, their respective terms of service and privacy can be found on their websites. 

Links. It is possible that we or the Educational Institution may provide links to or compatibility with other websites or applications. Following these links is optional.  We are not responsible for the privacy practices employed by those websites or the information or content they contain. This privacy policy applies solely to information collected by us through the solution. Therefore, this privacy policy does not apply to your use of a third-party website accessed by selecting a link on our solution. We encourage our users to read the privacy statements of other websites before proceeding to use them.

10. STORAGE PERIOD OF YOUR USER PERSONAL DATA

Your User Personal Data will be stored as long as necessary to fulfil the purposes for which it was collected or to comply with legal or regulatory requirements.

What this means in practice will vary depending on the types of data. When we consider the retention duration, we consider any continued need to process the data, together with our legal, regulatory and contractual obligations. For User Personal Data that is related to an agreement that you or your educational institution has executed with us, the retention period is the duration of that agreement, plus the period until claims under the agreement become time-barred, unless legal or regulatory requirements require a longer or a shorter retention period.

11. YOUR RIGHTS IN RELATION TO YOUR USER PERSONAL DATA

You may be entitled to information or additional rights under European Union (“GDPR”), CCPA, CalOPPA, COPPA, or other now existing or future arising applicable data protection laws within their prescribed time limits and for data in our possession, only to the extent that such laws are applicable to MyMedBot:

- the right to request us to provide you with further details on the use we make of your User Personal Data;

 

- the right to access or receive your User Personal Data as processed by us;

 

- the right to request the update of any inaccuracies in your User Personal Data;

 

- the right to request the deletion of your User Personal Data;

 

- the right to request the restriction of processing to specific categories of your User Personal Data;

 

- the right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal;

 

- the right to object, in whole or in part, to the processing of your User Personal Data;

 

- the right to object to the processing of your User Personal Data for direct marketing purposes;

 

- the right to request the portability of your User Personal Data (i.e. that the User Personal Data you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-

readable format without hindrance from us and subject to your confidentiality obligations); 

 

- the right to receive equal services and prices as other consumers;

 

- the right to opt out of or into the sale of your Personal Data (which we don’t do);

 

- the right to be notified in case of a personal data breach regarding your User Personal Data; and

 

- the right to request a copy of the User Personal Data that we hold about you.

 

If you have a question or want to exercise the above rights, you may send an e-mail to privacy@mymedbot.lu.

You furthermore have the right to make a complaint to the competent data protection authority.

If you are entitled to these rights by virtue of your jurisdiction and the company’s eligibility under the law, we may require proof of European, California or other residence before responding to any request made under this section.  Nothing in this section provides rights to individuals not entitled to enforce a law in their jurisdiction.  This listing of any data protection laws in this Section is not an admission that such laws apply to MyMedBot.

12. STATE SPECIFIC ADDITIONS

As state laws have different requirements on us, we list some specific additions to this privacy policy that may apply based on the Educational Institution’s residency and type of institution.

New York - Pursuant to New York Education Law § 2-d, Parents Bill of Rights for Data Privacy and Security shall be included with our contract with the Educational Institution.

 

Connecticut – We will not use the Educational Institution’s data for any purpose beyond the indicated purposes in the privacy policy including using the education records in targeted advertising.  We will use at least industry standard security to protect the educational records generated through our solution.  Pursuant to Public Act No. 16-189, Connecticut law shall govern the duties between us and the local or regional board of education for the Educational Institution, and we will comply with Public Act No. 16-189.

 

Maryland, Colorado and California – We will not use the Educational Institution’s data for any purpose beyond the indicated purposes in the privacy policy including using the education records in targeted advertising.

Additionally, pursuant to Florida Information Protection Act of 2014 and Pennsylvania’s Breach of Personal Information Notification Act, we will provide notice to you of a security breach. 

 

If you are entitled to these rights by virtue of your jurisdiction and the company’s eligibility under the law, we may require proof of European, California or other residence before responding to any request made under this section. Nothing in this section provides rights to individuals not entitled to enforce a law in their jurisdiction.  This listing of any data protection laws in this Section is not an admission that such laws

apply to MyMedBot.

13. JURISDICTION AND APPLICABLE LAW

You agree that this privacy policy is managed, interpreted and executed in accordance with the laws of the Grand Duchy of Luxembourg without regard to conflicts of laws of the US or any US state and any dispute will be subject to the exclusive jurisdiction of the courts of the Grand Duchy of Luxembourg.  You agree that the courts of the Grand Duchy of Luxembourg have personal jurisdiction over you (including the parent and the student) for any disputes arising hereunder and hereby waive any claims or assertions to the lack of personal jurisdiction or forum non conveniens in the courts of the Grand Duchy of Luxembourg.

Headquarters:

18 Beim Fussebur

L-5364 Schrassig

Luxembourg

Sales:

US: +1 (929) 419-3112​

EU: +352 621 583 784

Copyright © 2020 onwards MyMedBot Sarl.  All rights reserved. Privacy Policy.

  • Facebook
  • Twitter
  • LinkedIn