GDPR Compliance Declaration

What is Metadvice?

Metadvice is a suite of precision medicine applications that facilitates comprehensive and precise diagnostic and therapeutic evaluations. Metadvice uses artificial intelligence to transform big data into actionable insights for both doctors and patients.

Background

With the rapid advance of healthcare technologies – such as mobile medical apps and cloud computing – and their increasing integration with social media, personal data1 protection has become of paramount importance.

The European Union has recently adopted a new regulation concerning data protection - the EU General Data Protection Regulation 2016/679, known as the General Data Protection Regulation ("GDPR"). As a company with EU users, Metadvice has taken certain actions and has adopted policies and procedures in order to implement the GDPR to enhance the data protection of the personal data1 of its EU users.

Steps Implementing GDPR

  • Creating a data mapping inventory mapping all our data flows, differentiating between personal data and non personal data. We are constantly updating and maintaining this data mapping as a record of our processing activities.
  • Mapping and determining our lawful basis for processing of personal data.
  • Adjusting information security measures to be adequate and appropriate under the GDPR principles to the types of personal data we process. For more information about our information security measures please visit: https://www.metadvice.net/privacy-policy.php.
  • Adapting Metadvice’s Privacy Policy and service Terms of Use in accordance with the GDPR principles, mainly transparency and introducing a privacy notice on our site. Our updated Privacy Policy may be found at: https://www.metadvice.net/privacy-policy.php. Our updated Terms of Use may be found at: https://www.metadvice.net/terms.php.
  • Putting in place or updating existing data protection policies, such as an updated Information Security Policy, Data Subject Access Request Policy, Incident Management Procedure, and Retention Policy.
  • Creating a system for receiving, tracking, and implementing users’ requests for deletion of personal data. Users may request account deactivation, deletion of user account, deletion of personal data, etc.
  • Updating the backup processes to be aligned to our Retention Policy so that deleted personal data will also be deleted from the backups after 90 days.
  • Updating the customer contact processes and implementing communication preference- setting systems.
  • Updating our list of sub-processors and amended our terms of agreement with them to comply with GDPR article 28.
  • Appointing a data protection officer (DPO), which is in charge, globally, to protect the personal data of our users and to align our relevant policies with the GDPR. Our DPO’s contact details are as follows: dpo@metadvice.net.

Summary

Metadvice is a unique and innovative precision medicine application, powered by artificial intelligence. Metadvice is implementing the appropriate GDPR principles as part of a corporate commitment to protecting personal data through a strong security and compliance management program.

Disclaimer

This declaration is not a contractual commitment and does not create any legal obligation on Metadvice. It is merely intended to share our practices as part of the transparency principle we abide by. Our contractual and legal obligations are included in our contracts with our customers and in the legal terms on our website (Terms of Use, Privacy Policy).

GDPR does not apply to all of our users and this declaration is not intended to apply to your rights if you are not a data subject in the EU.

If you have any questions about the way we handle your personal data, whether under GDPR or other laws applicable to you, please contact our DPO at dpo@metadvice.net.




1 'Personal data' under GDPR means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.