Date of Last Revision: June 23, 2021
Mya Care, a Limited Liability company with registered office at 4th Floor, Harbour Place, 103 South Church Street, P.O. Box 10240, Grand Cayman KY1-1002, Cayman Islands, together with its affiliates (“Mya Care”, “us”, “we”, or “our”) manages www.myacare.com (“Website”), an online portal connecting individuals with Care Providers and Third Party Service Providers. Mya Care is committed to respecting the privacy of every person who accesses the Website or uses its services (“Services”).
We process information of the following:
- Website Visitor – this applies if you visit the Website including other eventual subdomains associated with our principal domain.
- User – this applies if you create a User Account on the Website, whether as an individual affiliated with a Care Provider or an individual seeking healthcare services and other complementary services or to contribute content to the Website.
Disclaimer: Mya Care does not need and does not specifically request, control, store or otherwise process any type of medical or health information relating to Users or Visitors. Any such information you provide us is at your complete discretion, and you do so acknowledging that we are not subject to HIPAA or other similar laws and regulations. If you provide us with medical or health information, we will only use it for its intended purpose, namely forwarding it to Care Providers or Third Party Service Providers you select. Please do not supply any other person’s personal data to us unless we so request.
- Care Provider means a healthcare provider including, but not limited to, hospital, clinic, doctor, caregiver, rehabilitation / physiotherapy center, dialysis clinic, wellness center, spa center, pharmacy or e-pharmacy, lab services, medical tourism agent/facilitator or diagnostic center.
- Data Controller - is the natural or legal person, public authority, agency or other body, which determines the purposes and means of the processing of personal data.
- Data Processor - is a natural or legal person, public authority, agency or other body which processes personal data received from the Data Controller.
- Data Subject - is any identified or identifiable natural person, whose personal data is collected and processed by us.
- Personal Data – is any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Anonymized information is not personal data.
- Process(ing) - is any operation which is performed on personal data, such as collection, recording, organization, structuring, storage, etc.
- Recipient - is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed.
- Third party - is a natural or legal person, public authority, agency or body other than the ones above, who, under the direct authority of the controller or processor, are authorized to process personal data.
- Third Party Service Providers means companies which provide complementary or adjacent services related to Healthcare Services including but not limited to home nursing care, accommodation and transportation.
Personal Data We Collect
We collect personal data when you use and interact with the Website and Services, and in some cases from third party sources. This includes when you:
- Create an account on the Website;
- Policy acceptance time stamp (date and time, IP address, location);
- Submit inquiries to Care Providers using the Website;
- Search for Care Providers or for available appointments with Care Providers;
- Send us medical or health information to forward to Care Providers or Third Party Service Providers, subject to the disclaimers above;
- Voluntarily provide information in free-form text boxes on the Website;
- Respond to surveys and questionnaires;
- Leave feedback and reviews for Care Providers or Third Party Service Providers;
- Use the “Contact Us” function on the Website, send us an email, use our chat feature, call us, WhatsApp, social media or contact us through other means.
- Provide us with information relating to your travel arrangements for purposes of seeing a Care Provider or Third Party Service Provider.
In order to provide you with our Services, we may ask that you share personal data that identifies you or could be used to identify you, including but not limited to: first and last name, gender, physical address, email and telephone contact information, and professional history and qualifications if you are affiliated with a Care Provider. Users and Visitors submitting inquiries, questions or comments via the Website, WhatsApp, social media, or other means may also contain personal data.
We additionally collect information about your visit to the Website, including:
- Your ISP;
- The operating system used by the accessing system;
- The website from which an accessing system reaches our Website (so-called referrers);
- The sub-website;
- The date and time of access to the Website;
- The length of your session;
- An Internet Protocol address (IP address);
- Screen resolution;
- Local preferences;
- Web page visited before you came to our Website;
- Information searched for on our Website;
- Date and time stamps for actions on the Website;
- System configuration information and other interactions with the Website;
- Social network information (if you permit us to verify your account using social media accounts);
- Any other similar data and information that may be used in the event of attacks on our information technology systems.
This information qualifies as personal data under the laws of some jurisdictions, although it cannot be used to identify you directly.
How We Use Personal Data
We use personal data we collect to:
- Deliver the content of the Website;
- Optimize the content of our Website;
- Send you (via email / SMS / WhatsApp / phone / mobile push / web push / etc.) newsletters, updates, or other news regarding the Services. You may opt out from receiving these communications by following the unsubscribe instructions or contacting us directly;
- Process payments;
- Communicate with you in the context of providing our Services, for example follow up on inquiries, answer your questions, or provide recommendations relating to your plans for travel and accommodations;
- Seek your feedback in relation to the Website and Services;
- Administer or otherwise carry out our obligations in relation to any agreement you have with us;
- Anticipate and resolve problems related to the Website and Services;
- Investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of the Services or Website policies, or as otherwise required by law.
In addition to the specific purposes for which we may process your personal data set out in this section, we may also process your personal data if necessary for us to:
- Respond to law enforcement requests, subpoenas, and court orders, or comply with a legal obligation to which we are subject;
- Establish or exercise our legal rights or defend against legal claims;
- Protect your vital interests or the vital interests of another natural person.
If you send Mya Care a message, this message can be stored to process it, to compile statistical information, to improve our services and support, or to get in touch with you. Further communication between you and a Care Provider or Third Party Service Provider made via email will have no connection to Mya Care.
How We Share Personal Data
With Data Processors: We share your personal data with Data Processors to help maintain and operate our Website and Services. For example, we use Data Processors to assist us with data and web hosting, payment processing, and email communications. These Data Processors are only given access to your personal data in order to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose. In addition, we require such Data Processors to enter into contractual agreements requiring them to handle personal information in a confidential manner, maintain adequate security, and only use personal information as needed to fulfill their specific business purpose.
With Care Providers: If you so request, we will share your personal data with Care Providers with whom you wish to communicate regarding their services. Personal data transferred to a Care Provider at your request is subject to that Care Provider’s data privacy policies, and Mya Care is not responsible for that Care Provider’s policies. If you engage the services of a Care Provider using the Website, we will receive non-medical personal data and statistical information relating to your use of their services (e.g., your name and date of appointment, specialty) strictly for the purposes of enabling us to correctly provide our Services.
Third Party Service Providers: If you so request, we will share your personal data with Third Party Service Providers with whom you wish to communicate regarding their services. Personal data transferred to a Third Party Service Provider at your request is subject to that Third Party Service Provider’s data privacy policies.
With Third Parties: We do not sell, rent, or trade personally identifiable personal data to third parties for marketing purposes. Non-personally identifiable personal data (e.g., aggregated browsing data or analytical data) may be provided to other parties for marketing, advertising, or other uses. We may also allow trusted third parties to collect information from your visit to the Website using cookies and other tracking technology (see below) for analytics or marketing purposes.
With Acquirers: In case of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you and/or your organization (for example, via email and/or a prominent notice on our website) of any change in control.
Data Retention and Data Deletion
We retain the personal information collected from Users and Visitors:
- For as long as necessary to maintain record of transactions for financial reporting, audit, and compliance purposes, and to comply with our legal obligations, resolve disputes, enforce agreements, and as otherwise permitted by applicable law.
We may also anonymize information by removing all the personally identifiable elements. In such cases we may retain such information indefinitely.
All personal data collected using the Website is stored on secure servers in the European Union. Care Providers and Third Party Service Providers are located in different countries. By using the Website or our Services, you agree that your personal data may be transferred to and stored in countries other than your own.
- The cookies in use on the Website can be categorized as follows (cookies may pertain to one or more categories):
- Essential: cookies which enable core functionality, truly essential cookies do not require consent (i.e. account login related cookies);
- Functional: cookies which are not strictly essential, but which enhance the user experience (i.e. remembering users’ choices);
- Analytics: first- or third party cookies which are used to track website visiting and usage patterns (i.e. Google Analytics, Facebook Pixel); and
- Marketing: first or third party cookies used for serving personalized advertising and tracking users across third party sites.
We do not track visitors to our website over time and across third party websites to provide targeted advertising, and the website does not respond to all Do Not Track (DNT) signals.
We may utilize a consent tool to keep a record of consent to Cookies provided by Data Subjects and Data Subjects may use the consent tool to control their cookie preferences.
We utilize reasonable administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of the information that we collect, receive, store, and transmit. However, no method of transmission over the Internet or method of electronic storage is 100% secure; therefore, we cannot guarantee its absolute security. While we work hard to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent “hackers” or other unauthorized persons from illegally accessing or obtaining information.
You are responsible for maintaining the confidentiality of any username and password you maintain in connection with our services. To help protect against unauthorized or improper use, make sure that you log out at the end of each session. If you share your username or password with others, they may be able to obtain access to your personal information at your own risk. If you believe that your username or password have been compromised, you should immediately change your password and contact support. We reserve the right to automatically lock accounts or suspend accounts that have attempted to log in multiple times with invalid passwords. Please contact support if you suspect this has happened.
Protecting the privacy of every minor is equally important to us. The Website and Services are not intended for children less than thirteen (13) years and you hereby acknowledge that you are above the age of thirteen (13) years of age, or the legal age of majority where you reside if that jurisdiction has an older age of majority while availing the Website and Services.
Third Party Links
The Website may feature links and hyperlinks to third party sites. Mya Care does not make any representations regarding the services or content of such third party sites. We are not responsible for the privacy practices employed by third party sites, the information or content contained therein, nor any third party’s use of personal data collected and used when you visit such sites. Please remember that when you use a link to go to another website, this Policy is no longer in effect. Your browsing and interaction on any other website are subject to that website’s rules, terms and conditions, and/or policies.
How to Exercise Control over Your Personal Data
This section describes how we comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”). Under the GDPR, if you are an individual in the European Economic Area you have the right to:
- Access your personal data – meaning confirmation whether we process your personal data, together with certain additional information such as categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
- Have your personal data corrected - meaning to have any inaccurate personal data about you rectified and, considering the purposes of the processing, to have any incomplete personal data about you completed.
- Erasure in certain circumstances – meaning, unless an exception applies, where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes, and the personal data have been unlawfully processed.
- Object to or restrict how your personal data is processed – meaning where you object to use of your personal data for marketing purposes or you contest the accuracy or necessity of our processing of the personal data.
- Take your personal data elsewhere – meaning to receive from us a copy of the personal data you provided to Mya Care in a structured, commonly used, and machine-readable format.
- File a complaint – meaning submit any complaints to the Data Protection Authority in your country.
- Withdraw consent – meaning to the extent that the legal basis for our processing of your personal data is consent, you also have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we are permitted by law or have compelling legitimate interests to keep. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
For those Users and Visitors who are not covered by the GDPR, we are still committed to responding to your inquiries and feedback regarding the handling of your personal data. You have a right to complain and to have your complaint handled efficiently if you are concerned about our handling of your personal data. If at any time you wish to raise an inquiry or complaint, you may contact us at: firstname.lastname@example.org.