Privacy Policy
Effective Date: April 15, 2025
Medda Technologies Incorporated and its affiliates ("Medda," "we," "our," "us") are committed to protecting your personal information that we collect, use and disclose in the course of providing services and operating our business, in accordance with all applicable regulatory requirements, including applicable privacy and health legislation, and consistent with our professional obligations. Personal information does not include de-identified or aggregated information that cannot reasonably be associated with a specific individual.
Information We Collect
In most cases, we collect personal information directly from individuals. However, we may also receive information indirectly. We also collect personal information through automatic means through our Websites as described below. We collect and process the following types of personal information:
Personal Identification Information: Name, date of birth, contact details, signatures and similar information.
Health Information: Medical history, prescriptions, diagnosis, test results, treatment plans or other medical records.
Authentication Data: Government-issued ID, healthcare or patient identifiers, biometric authentication data (if applicable), authentication forms and similar data.
Web Usage Data: Log files, device information, IP addresses, and browsing behavior within our platform, including Google Analytics, ‘cookies’ or similar technologies.
How We Use Your Information
We use your personal data to provide, manage, and improve our services, including retrieving, organizing, and sharing your medical records with authorized providers. Additionally, your data is used to ensure security and fraud prevention measures, maintaining compliance with regulatory requirements. Your data is also used for communication and marketing purposes, including service updates and support. Furthermore, we process your information as required by legal and regulatory obligations.
Legal Basis for Processing
We process personal data based on different legal grounds. Your consent allows us to collect and share your data when you explicitly authorize us. Legal obligations require us to process your data under applicable regulatory frameworks such as Provincial health information acts or Provincial or Federal personal information protection acts. We may also process your data under legitimate interests, ensuring that our services function effectively and securely. In cases where processing is necessary to fulfill an agreement with you, we rely on contractual necessity as a legal basis.
Data Sharing and Disclosure
We may share your data with:
Healthcare Providers: To facilitate your medical care and continuity of care and in support of our services, with your consent.
Authorized Representatives: Individuals or companies you designate to access your records.
Legal Reasons: We or our third-party service providers may disclose personal information to other persons in response to a valid legal investigation or order in the case of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise required or permitted by applicable law or governmental authority.
Service Providers: Third-party vendors, agents and contractors who assist with provision of our services including security, cloud storage, software, billing, communications and analytics.
Data Security Measures
We understand that data security is a critical issue and we are committed to safeguarding the Personal Information in our custody or control. We have implemented reasonable administrative, technical and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure.
Your Choices
If you have signed up to receive our email communications, you can unsubscribe any time by clicking the “unsubscribe” link included at the bottom of the email.
Opting out of ‘interest-based advertising’ and to understand your options, please visit the Digital Advertising Alliance of Canada website at: http://youradchoices.ca/choices
Please note that even if you opt-out of interest-based advertising by a third party, these tracking technologies may still collect data for other purposes including analytics and you may still see ads, but the ads may be less relevant to you and your interests.
For more information about Google Analytics or to prevent the storage and processing of this data (including your IP address) by Google, you can download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout
Your Rights
You may have the following rights:
Access & Portability: Request a copy of your medical records in a structured format.
Correction: Update or correct inaccuracies in your data.
Erasure: Request deletion of your data, subject to legal and operational requirements.
Consent Withdrawal: Revoke consent for processing where applicable.
Objection & Restriction: Limit how your data is processed under certain conditions.
To exercise these rights, please send a written request to the Contact Us section below.
Data Retention
We retain your personal information for only so long as is necessary to fulfill the purposes for which it was collected or as required to meet legal or regulatory requirements. We may keep your personal information along with other information about you in our records, even after your account is closed, for the purposes of complying with legal and regulatory obligations.
International Data Transfers
Your data is stored in data centers in Canada. It may be accessed or processed from outside Canada in limited circumstances for technical support and maintenance purposes, including maintaining, repairing, trouble-shooting or upgrading the platform or software.
Third Party Links
Our Website may contain links to other websites that Leeg does not own or operate. We provide links to third party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites.
Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in laws, regulations, or business operations. We encourage you to review this page regularly to ensure you are familiar with those changes. We will indicate at the top of this privacy policy when it was most recently updated.
Contact Us
For questions or concerns about this Privacy Policy please contact us at: legal@medda.ai
By using Medda's services, you acknowledge that you have read, understood and agree to this Privacy Policy and any applicable Terms of Service.
Addendum: European Union and EEA Residents
Additional Information for Users in the European Union (EU) and European Economic Area (EEA)
If you are located in the EU or EEA, the following terms apply in accordance with the General Data Protection Regulation (GDPR):
Legal Basis for Processing Personal Data
We process your personal data lawfully under one or more of the following legal bases:
Consent (Art. 6(1)(a)): When you voluntarily provide information to us (e.g., submitting a contact form or joining a waitlist), we rely on your explicit consent.
Contractual necessity (Art. 6(1)(b)): When processing is necessary to provide services you request, such as fulfilling a medical records retrieval request.
Legal obligation (Art. 6(1)(c)): When we are required to process your data to comply with applicable laws.
Legitimate interest (Art. 6(1)(f)): When processing is necessary for purposes such as improving our platform or preventing fraud, and does not override your rights and freedoms.
Your Rights Under GDPR
If you are an EU/EEA resident, you have the following rights:
Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete personal data.
Right to Erasure (“Right to be Forgotten”): Request that we delete your personal data under certain conditions.
Right to Restriction of Processing: Request a pause on processing while we assess a related request.
Right to Data Portability: Request that we transmit your data to another controller where technically feasible.
Right to Object: Object to processing based on our legitimate interest.
Right to Withdraw Consent: Withdraw your consent at any time, without affecting prior processing.
Right to Lodge a Complaint: Submit a complaint to a data protection authority (see below).
To exercise any of these rights, please email us at privacy@medda.ai.
International Data Transfers
Your personal data may be transferred to and processed in countries outside the EU/EEA, including Canada and the United States. Where applicable, we rely on:
Canada’s adequacy status under GDPR Article 45
Standard Contractual Clauses (SCCs) for third-party vendors
Your explicit consent for specific processing or communications
All transfers are performed in accordance with GDPR Chapter V requirements to ensure your rights are upheld.
Cookies and Consent Management
We use a cookie consent management platform (Cookiebot by Usercentrics) to provide granular control over tracking technologies. You can manage or revoke your cookie preferences at any time by using the cookie banner found on our website.
Retention and Deletion of Your Data
We retain personal data only as long as necessary for the purposes for which it was collected, or as required to comply with legal obligations. You may request deletion of your data at any time by emailing privacy@medda.ai.
Supervisory Authority Contact
If you believe your rights under GDPR have been violated, you have the right to contact your local data protection authority. For example:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61, 10555 Berlin, Germany
Website: https://www.datenschutz-berlin.de
If there is any conflict between this section (Addendum: European Union and EEA Residents) and the remainder of this Privacy Policy, the terms in this section shall prevail for users located in the EU or EEA.