has updated their data privacy & cookie policy (“Privacy Policy”) according to the EU General Data Protection Regulation (“GDPR”) which is effective from May 25th 2018. The GDPR is an important legislation which is designed to strengthen the data protection for individuals within the European Union.
We are fully committed to compliance with the GDPR.
The following points are explained in our privacy policy:
- What personal data we collect
- Why and how we use personal data
- Who we share personal data with
- The choices about accessing, updating and removing personal data
Please read our Privacy Policy carefully. By using or accessing our Service you acknowledge that you have read, understood and agree to be bound to all the terms and conditions of this Privacy Policy.
If you do not agree, please leave our site and do not access or use our service.
In order to achieve compliance, the following steps were taken:
- Research areas of impact by GDPR
- Appointment of a data protection officer
- Rewrite of our data protection policy
- Ensure with partners who need data in order to process our customer’s orders that this is in GDPR compliance
- Performance of the necessary changes to our internal processes and procedures (Update SOP’s, installing security technologies and access controls)
- Communication of the changes
Purpose of this guide
This guide contains the policies and procedures put in place by everyone.org to protect the personal information of individuals on whom we maintain systems of records. All our systems of records from which information is retrieved by name or a personal identifier are covered.
Personal information is maintained in systems of records (SORs). A system of records is a file, database, or program from which personal information is retrieved by name or another personal identifier. Personally Identifiable Information (PII) are reviewed periodically to ensure they are relevant, necessary, accurate, up-to-date, and covered by the appropriate legal or regulatory authority. We use the Privacy Impact Assessment (PIA) as a tool to ensure that privacy issues and protections are addressed within information technology systems that contain any PII.
Definition of terms
The terms in this part are defined to ensure consistency and common understanding when used in a Privacy Act context:
Record means any item, collection, or grouping of information about an individual which contains the individual’s name or other personal identifier. The information may relate to education, financial transactions or medical conditions collected in connection with an individual’s interaction with us.
System of records means a group of records under everyone.org’s control from which information is retrieved by the name of an individual, or by any number, symbol, or other identifier assigned to that individual.
Routine use means disclosure of a record for the purpose for which it is intended.
Request for access means a request by an individual to obtain or review his or her record or the information in the record.
Disclosure of information means providing a record or the information in a record to someone other than the individual of record.
Information technology (IT) system (also known as electronic information system) means the equipment and software used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information.
Information in identifiable form means data within an IT system or online collection that permits the identity of an individual to whom the information applies to be reasonably inferred; information that identifies the individual by name or other unique identifier or by which an individual is identified in conjunction with other data elements such as gender, race, birth date, geographic indicator, and similar personal information. Information permitting the physical or online contacting of a specific individual is considered information in identifiable form.
Privacy Impact Assessment (PIA) means the process for evaluating privacy issues in an electronic information system, including examining the risks and effects of collecting, maintaining, and disseminating information in identifiable form, and identifying and evaluating protections and alternative processes to mitigate the impact to privacy of collecting such information. The process consists of gathering data on privacy issues from a project, identifying and resolving privacy risks, and obtaining approval from agency privacy and security officials. Completion of the PIA process results in the PIA Report.
System Manager is the technically appointed employee dealing with any processing of any data.
What personal data do we collect?
We ask you for certain personal data to provide you with the products or services you request. For example, when you contact our consumer services, request to receive communications, prices or any information, create an account, use our website, or enter into a contract with us,.
This personal data includes your:
- contact details – including name, email, telephone number, shipping and billing address
- personal details – including gender, hometown, date of birth and purchase history
- personal details about the patient (in case purchaser and patient are not the same person)
- personal information about the treating physician
- payment or credit card information
- images as screens of prescriptions, official approval documents and other attachments that are necessary to make a purchase of medicines with us
- data on patient history.
When interacting with our website certain data is automatically collected from your device or web browser. More information about these practices is included in the Cookie Policy section of this privacy policy below. This data includes:
- Device IDs, call state, network access, storage information and battery information
- Cookies, IP addresses, referrer headers, data identifying your web browser and version, and web beacons and tags.
Why and how do we use your personal data?
We use your personal data in the following ways:
To provide our services you request
When you use our Site and Services we will use your personal data to provide the requested product and/or service. If you contact our consumer services, we will use information provided by you to inform you about a product, delivery, costs or payment information.
Please note that everyone.org only asks for and uses information that is needed to perform our services and enter into a purchase agreement. We use the personal data you provide to us to operate our business. For example, when you make a purchase, we use that information for accounting, audits and other internal functions. We may use personal data about how you use our products and services to enhance your user experience and to help us diagnose technical and service problems and administer our Site.
By getting in touch with customer services and sharing information such as your name, email address, address and further (patient) details you consent to the use of this data in order to perform our services and a possible contract. You can opt-out at any time after entering into a purchase agreement. Please do so in writing us. Please note that after you opt out we cannot perform any service nor get into a purchase agreement.
If you are an existing customer of everyone.org (for example, if you have requested our services and/or placed an order with us), we store your personal details in our files (unless you have opted-out). Please note that according to Art. 80 sub e Directive 2001/83/EC records must be kept regarding transactions in medicinal products such as date, name of product, quantity, name and address of supplier, batch number.
To protect our or others’ rights, property or safety
We may also use your personal data about how you use our Site to prevent or detect fraud, abuse, illegal use, violations of our Terms of Use, and to comply with court orders, governmental requests or applicable law.
For general research and analysis purposes
We use data about how our visitors use our Site and services to understand customer behaviour or preferences. For example, we may use information about how visitors search for and find products to better understand the best ways to organise and present our services and products.
Who we share your personal data with
TSM shares your personal data with:
Entities for the purposes and under the conditions outlined above.
Third party service providers processing personal data on TSM’s behalf, for example to process credit cards and payments, shipping and deliveries, administering medicines, host, manage and service our data, research and analysis, and features. When using third party service providers we enter into agreements that require them to implement appropriate technical and organisational measures to protect your personal data.
Disclosure of information
No information contained in a system of records may be disclosed to anyone other than the individual of record without the written consent of that individual, unless specifically allowed under the EU GDPR.
Collection and use of information
When soliciting personal information from an individual or a third party, the system manager must include the following information on the data collection form or other data collection instrument:
- The legal or regulatory authority for collecting the information
- Whether furnishing the information is voluntary or mandatory
- The purpose for which the information will be used
- The routine uses of the information
- The effect on the individual of not providing the information
Information accuracy
Personal information provided by individuals must be accurate and complete. System managers must ensure that the information in the system is relevant, necessary, and timely.
Standards of Conduct on Personal Information
everyone.org’s employees have a duty to protect the security of personal information by:
Ensuring the accuracy, relevance, timeliness, and completeness of records
Avoiding any unauthorised disclosure, verbal or written, of records
Not collecting personal information unless authorized
Collecting only the information needed to perform an authorised function
Collecting information directly from the individual whenever possible
Maintaining and using records with care to prevent any inadvertent disclosure of information.
Safeguarding Information
Physical, administrative, and technical safeguards for their systems of records must be established. The safeguards must ensure the security and confidentiality of records, protect against possible threats or hazards, and permit access only to authorised persons.
Paper records (if any) will be placed in secure locations. Electronic systems will use passwords, identity verification, detection of break-in attempts, firewalls, encryption, and/or other security measures determined to be appropriate by the responsible system and program managers.
The choices about accessing, updating and removing Personal Data
Accessing your records
You can request access in writing (email sufficient). You will be able to examine the record and get a copy of it on request. If you are requesting the information on behalf of another individual, you will be asked to provide a signed statement authorising disclosure of the record from that person, and the statement will be kept with the record.
- Your full name and address
- A description of the records you want
- A brief description of the nature, time, and place of your association with everyone.org, and any other information that you believe will help in locating the record.
How long will it take to get your record?
The record will be provided to you by the system manager within 28 working days after receipt of your request.
Routine uses and disclosures
What is a routine use? It’s the sharing of information for the purpose for which it is collected.
What are our standard routine uses? We have identified certain standard routine uses for its systems of records.
We may disclose system information as a routine use: our employees in the performance of their official duties
In any legal proceeding, where pertinent, to which we are a party before a court or administrative body
To authorised officials engaged in investigating or settling a grievance, complaint, or appeal filed by an individual who is the subject of the record.
Protection and management of your personal data
Encryption and security
We use a variety of technical and organisational security measures, including encryption and authentication tools, to maintain the safety of your personal data.
Retention of your personal data
Your personal information will be retained for as long as is necessary to carry out the purposes set out in this privacy policy (unless a longer retention period is required by applicable law, please see above).
Rights relating to your personal data
You have the right to request: (i) access to your personal data; (ii) an electronic copy of your personal data (portability); (iii) correction of your personal data if it is incomplete or inaccurate; or (iv) deletion or restriction of your personal data in certain circumstances provided by applicable law (to the extend records must not be kept by law).
If you like would to request a copy of your personal data or exercise any of your other rights, please contact us.
Cookies and Pixel Tags
We collect information, which may include personal data, from your browser when you use our Sites. We use a variety of methods, such as cookies and pixel tags to collect this information, which may include your (i) IP-address; (ii) unique cookie identifier, cookie information and information on whether your device has software to access certain features; (iii) unique device identifier and device type; (iv) domain, browser type and language, (v) operating system and system settings; (vi) country and time zone; (vii) previously visited websites; (viii) information about your interaction with our Sites such as click behaviour, purchases and indicated preferences; and (ix) access times and referring URLs.
Third parties may also collect information via Sites through cookies, third party plugins and widgets. These third parties collect data directly from your web browser and the processing of this data is subject to their own privacy policies.
We use cookies and pixel tags to track our customers’ usage of the Sites and to understand our customers’ preferences (such as country and language choices). This enables us to provide services to our customers and improve their online experience. We also use cookies and pixel tags to obtain aggregate data about site traffic and site interaction, to identify trends and obtain statistics so that we can improve our Sites. There are generally three categories of cookies used on our Sites:
Functional: These cookies are required for basic site functionality and are therefore always enabled. These include cookies that allow you to be remembered as you explore our Sites within a single session or, if you request, from session to session. They help make the shopping cart and checkout process possible as well as assist in security issues and conforming to regulations.
Performance: These cookies allow us to improve our Sites’ functionality by tracking usage. In some cases, these cookies improve the speed with which we can process your request and allow us to remember site preferences you have selected. Refusing these cookies may result in poorly-tailored recommendations and slow site performance.
Social media and Advertising: Social media cookies offer the possibility to connect you to your social networks and share content from our Sites through social media. Advertising cookies (of third parties) collect information to help better tailor advertising to your interests, both within and beyond our Sites. In some cases, these cookies involve the processing of your personal data. Refusing these cookies may result in seeing advertising that is not as relevant to you or you not being able to link effectively with Facebook, Twitter, or other social networks and/or not allowing you to share content on social media.
You can always change your preference by visiting the “Cookie Settings” at the bottom of each page of our Sites.
For a comprehensive and up-to-date summary of every third-party accessing your web browser, we recommend installing a web browser plugin built for this purpose. You can also choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings on each browser and device that you use. Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. If you turn cookies off, you may not have access to many features that make our Sites and Apps more efficient and some of our services will not function properly.
Changes to our privacy policy
Applicable law and our practices change over time. If we decide to update our privacy policy, we will post the changes on our Site. If we materially change the way in which we process your personal data, we will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. We strongly encourage you to read our privacy policy and keep yourself informed of our practices. This privacy policy was last modified in May 2018.