Privacy Notice
This privacy notice is effective as of the 8th September 2023
Facilitating the sharing and discussion of different ideas and approaches in medicine is the cornerstone of what we do. To that end, our online community offers medical professionals around the world the chance to interact and connect with one another. In providing this service, we are committed to maintaining your trust and confidence with respect to your privacy.
This privacy notice explains how we collect, use and share your personal data when you use our website and application.
1. About our privacy notice
2. Personal information we collect
3. How we use your personal data
4. How we share your personal data
5. How we store your personal data
6. Your data protection rights
7. How to contact us
1. About our privacy notice
This privacy notice applies to our website and app, including programs and events, that refer or link to this privacy notice (the “Services”). For the purposes of any data you provide, or that is collected by us for or in connection the Services, Reachora Limited trading as Wondr Medical will be the controller of your data.
It is important that you read this privacy notice, and any other documents referred to in this privacy notice, together with any other privacy notice we may provide on specific occasions (such as when registering for a live event) so that you are fully aware of when and how we are collecting or processing your personal data, and why we are using your data.
Historic versions of our privacy notices can be obtained by contacting us at hello@reachora.com.
Words and phrases defined in the Terms of Use have the same meaning in this privacy notice unless specified otherwise.
2. Personal information we collect
We collect information about you in multiple ways; directly from you, from third-party sources, and through automated technologies.
Data collected from automated technologies
We and service providers acting on our behalf, like Simple Analytics, store log files and use tracking technologies such as cookies, pixels and web beacons.
- We and our services providers use these technologies to collect and analyse technical information including:
- IP address
- Device type
- Your operating system version
- Your browser type and version
- Referring and exiting pages and URLs
- The number of clicks on a page
- Pages viewed and the order of those pages
- The amount of time spent on particular pages
For further information on the automated technologies that we use, the controls you have over them and the settings to turn off/ reject cookies, please see our Cookie and Tracking Notice.
We respect Do Not Track signals.
Data you provide to us
The types of personal information that we collect directly from you depends on the content and features of the Services you use and how you otherwise interact with us and may include:
Data you provide when you register, such as your name, email address and password, medical specialty, hospital and years of practice;
Profile Information which may include your medical speciality, hospital, years of practice, photo, a list of your publications, meetings you are attending, and a personal bio. Any information you include on your profile, you do so at your discretion. We recommend that you do not add any information to your profile that you are not comfortable with being publicly available;
Public information that you provide to us as part of interacting with the Service, such as when you share content, follow topics and channels, search queries, make comments, or automatically link your account with Twitter (which will mean that Twitter posts get cc’d into our network feed);
Data from non-public communications (direct messaging and rooms), such as who you have interacted with and when, and the content of those communications.
Information that you communicate to us, such as questions or information you send to customer support;
Any data that you provide must comply with the Community Guidelines.
Data others provide about you
In having an open system for communication, it is possible that others may also share content using the Services that includes data about you (e.g. through academic papers, posts, comments, or video content).
Data from your use of the Services
The Services may automatically collect information on how you and your device interact with the Service such as:
- Computer, device and connection information, such as IP address, browser type and version, operating system and other software installed on your device, unique device identifier and other technical identifiers, error reports and performance data.
- Usage data, such as logs of when you visit or use our Services, browsing actions and patterns, when you view or click on content or ads (on or off our website), when you share content, what sites you visit after you leave our Services, referring domains, and any other data that your device may send to us based on your phone settings (e.g. location data). To link you with this log of activity, we use your log-in information, cookies and device information.
We collect this data through our servers and the use of cookies and other similar technologies. We use cookies to collect data to link you and your device(s) with your activity when using our Services.
We use cookies from third parties (such as LinkedIn) on our Services to allow us to collect data on how you use and interact with our Services (see Developing our Services in Section 3). If you have given us permission to use analytics before, you can turn off/ reject the collection of this data using the settings provided in our Cookie Notice.
Data from your organisation
If you are acting as an administrator of an organisation’s page on our website, your organisation may provide us with data about you, including your contact details and your credentials/permissions as an administrator. If you have any objections to this, you can talk to your organisation or to us directly by emailing hello@reachora.com.
Data from third parties
We may receive information about your visits and interactions from various third parties such as:
Analytics providers, such as Simple Analytics.
Websites that include our ads, cookies (or similar technologies).
3. How we use your personal data
How we use your data will depend on a number of factors. These include; how the data was collected, who provided the data, which Service you use, how you use the Service, and any choices you have made about your data (either in the settings area of your account, the Cookie policy opt-ins or where you have notified us).
We will only collect and process your data where we have a lawful basis for doing so. Lawful bases include consent (where you have provided it to us), contract (where processing is necessary for the performance of a contract, such as the Terms of Use under which we provide the Services to you), and “legitimate interests”.
Where we rely on your consent to process your data (such as for tailored ads or direct marketing) you have the right to withdraw or decline your consent at any time. Where we rely on legitimate interests, you have the right to object to those legitimate interests. If you have any questions around what basis we are processing any of your data, please contact us at hello@reachora.com.
We will use your personal data in the following circumstances:
To provide the Services to you
We use your data to provide the Services to you so that:
- you can sign into the Services. We use cookies to verify your account (so you don’t have to keep logging in) and to determine when you’re logged in (so you can access the Services and navigate between various pages with ease);
- others can find your profile, see the information that you have made public, and provide you with content;
- you can share your views and content in the form of posts and comments;
- the Services may be personalised for you (e.g. so that you see content that may be of interest to you). We use cookies to enable us to provide each function of the Services, and to provide you with personalised content from publishers. We also use cookies to remember information about your browser and any settings or preferences.
To keep in touch with you
We may contact you via email, the Services (e.g. using notices), or by other means in order to send you messages about Service availability, security issues, or similar service issues. Please be aware that, whilst you cannot opt out of receiving service messages or legal notices from us, we will not provide you with direct marketing or information about relevant events (from us or any third parties) unless you have specifically given us your consent for such.
Advertising
We will show you (and measure and report on the performance of) ads, directly or through advertisers, like Google Ads, Meta, Twitter, Reddit and LinkedIn. Where we do so, we use the following data to tailor the ads that you see to ones that what we think are more relevant to you:
- data from various technologies on and off our Services (e.g. cookies, pixels, ad tags, and device identifiers)
- information that you provide to us (such as that described in section 2);
- data from your use of our Services (such as that described in section 2);
- information from advertising partners and publishers; and
- other information described in section 2 above.
Information on our Advertising Providers
We use tracking pixels provided by our advertising providers (Google Ads, Meta, Twitter, Reddit and LinkedIn) to follow the actions of users (such as link clicks, video playbacks and pages viewed) after they are redirected to our website by clicking on an advertisement. We use this information to gather insights into our audiences and assess the effectiveness of advertising campaigns that we run on those platforms. The collected data remains anonymous, meaning that we cannot see the personal data of any individual user. However, the collected data may be saved and processed by the advertising provider, allowing them to connect your account with them with the collected data, and use the data for their own advertising purposes. Additional cookies may be saved on your computer for these purposes.
We also use pixels to identify users who have visited our website before so that we can serve them ads on our advertising providers platforms that are likely to be of more relevance to them.
For further information on the technologies we use for advertising purposes, links to the privacy policies of our advertising providers and instructions on how to opt out of these, please see our Cookie and Tracking Notice.
Promoted content
From time to time, publishers may want their content or events to be seen by specific users of the Services. For example, where they believe that their content is relevant for users in a certain location, with certain expertise, or in a certain practice area. In addition to showing you tailored ads using the data mentioned above, we may also show you specific content or event details on the Services (e.g. in your feed) that publishers have asked us to promote.
Developing our Services
We use your data, including any feedback that you provide to us, surveys that you voluntarily complete, and data about your engagement with certain content using the Services, to develop our Services in order to encourage better future engagement and to provide you with a better experience going forward.
We use cookies to analyse how the Services are accessed, used or are performing. This information is then used to maintain, operate and enhance the Services with the aim of improving your overall experience. We use analytics tools like Simple Analytics to track page views and user behaviour within the Services. It’s important to know that your data is kept on these services (please see Section 4 for information on how your data is shared).
We also use these cookies to create insights and provide aggregated information to publishers and advertising partners about how you use the Services, the content you interact with, and how you interact with our and their ads, websites and apps.
Where you have opted in to receive marketing emails, we may also obtain information from our emails to you, such as whether an email has been delivered and if you have opened an email.
Providing support
We use your data (including content shared and comments posted) to investigate, respond to and resolve complaints from users or publishers and for Service issues.
Providing insights to others
We may use your data to produce and share insights, where these insights do not identify you. For example, we may use your data to generate demographic and content engagement statistics for publishers and advertisers based on your and other users’ views, follows, re-posts, general locations, areas of practice, other interests etc.
Security reasons
We use your data for security purposes, including for the prevention or investigation of fraud or other violations of our Terms of Use or Community Guidelines. We use cookies to keep your account, its data, and the Services secure. We also use cookies to detect security threats, activity in breach of the Terms of Use and Community Guidelines, and any other malicious activity.
4. How we share your personal data
Public Information
Our service is public and the information that you include on your profile is visible to all other users of the Services as well as publishers. Additionally, when you post a comment or share any content using the Services (e.g. on your own page or on another’s page), this can be publicly viewed by all other users and publishers and may be copied or reshared elsewhere. You should think carefully about sharing information that you may not be comfortable making publicly available.
Non-Public Communications (Direct Messages and rooms)
Some features of the Service allow you to communicate more privately and control who sees your content.
Direct messages allow you to have non-public conversations on the Services. Using rooms allow you to host or participate in private discussion groups. We share the content of the direct messages with the people you’ve sent them to. Content added to rooms will be shared with other members of the room. We do not use these features to serve you ads. When you use these features to communicate, please remember that recipients have their own copy which they may duplicate, store or share, even if you delete your copy from your account.
Suppliers and Service Providers
Depending on how you use the services, we share your personal data with:
- email services providers (Mailchimp and Sparkpost),
- access and authentication service providers (Auth0),
- web analytics service providers (Simple Analytics)
- IT service providers (AWS).
as necessary to provide the Services, complete a transaction or fulfill your request or otherwise on our behalf based on our instructions. Your personal data may be accessed, stored or processed by these services.
We use data processors who are third parties to provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us and will retain it for the period we instruct. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
Third Party Event Sponsors
When you register for a live third party event (such as conferences, webinars or live cases), we may share the information you provide, such as your name, institution name and email address with the third party sponsoring or hosting the event. They may use this data to contact you with information relevant to the event. We will only share your data with the third party if you have given specific consent for us to do so, requested at the time of event registration.
With regulators or where required by law
In some circumstances, we may be legally required to use or disclose information about you. Examples of when this might be necessary include, to:
- comply with a regulator’s investigation, or to prevent or act in respect of suspected or actual illegal activities taking place via the Services;
- enforce the Terms of Use or any other agreements we have with you or others;
- investigate and defend ourselves against third-party claims or allegations; and
- protect the security and integrity of the Services, including the protection of rights of other users, publishers and our employees.
Where we need to use your personal data for one of the reasons listed above, we will attempt to notify you of such, unless prohibited by law or court order or in case of emergency.
If we are acquired by another company
We will share your data with other companies as part of any sale process, merger, or change of control of our business. Any entity that purchases us or part of our business will have the right to continue to use your data only in the ways set out in this privacy notice, unless you agree otherwise.
5. How we store your personal data
Cross-border transfers of data
We process and store data inside the European Union and the United Kingdom and we rely on legally provided mechanisms to lawfully transfer data across borders. Our AWS servers are located in Ireland.
Data retention
As a general rule, we retain your data as long as you keep an account open with us or as long as we require to provide you with the Services. This is subject to your exercise of rights (set out in section 6) and any data that might be retained after closure of your account, as detailed below.
Account closure
If your account with us is closed for any reason, your personal data will normally stop being visible to others on our Services within 24 hours. We will hold any data and content that you previously provided to us for a period of 90 days following closure of your account. This is to allow you sufficient opportunity to (a) request that your account be re-activated if you change your mind, and (b) request copies of your data before it is permanently deleted.
We may retain your data beyond this 90 day period where it is reasonably necessary for us to do so in order to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve legal disputes, maintain security, prevent fraud and abuse (e.g. if we have barred you from using the Services for breach of our Terms of Use), or to fulfil your requests to “unsubscribe” from any direct marketing that you might have previously consented to. Additionally, we may retain certain information in an aggregated and anonymised/depersonalised format (e.g. the insight information referred to in section 3) after you close your account.
You should note that, where you have shared information with others using the Services (e.g. comments, posts, etc.) this will remain visible after you close your account and we have no control over data that other users or publishers may have copied out of the Services.
Security
We intend to implement industry standard security safeguards designed to protect your data. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. However, we cannot guarantee the security of any information that you provide when using the Services. In the rare event of any reportable data breach, we will notify you as soon as possible and in accordance with regulatory requirements.
6. Your data protection rights
The Service allows registered users to directly access their account information and make corrections or updates at any time, control links to their Twitter account and, in the ‘settings’ area of your account, to control whether you receive marketing emails from us. Keeping such information up to date is solely the responsibility of the user.
In addition to these controls you have rights under data protection law, namely the Data Protection Act 2018, GDPR (United Kingdom General Data Protection Regulation) (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with these. Where data is processed by a controller or processor established in the European Union or comprises the data of people of the European Union, it also includes the EU General Data Protection Regulation (EU GDPR).
These rights include:
- Your right of access – You have the right to ask us for copies of your personal information
- Your right to rectification – In addition to the controls described above, you have the right to ask us to rectify personal data you think is inaccurate and the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to delete your personal data in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstance, e.g. if we have no legal right to keep using it, or if your data is inaccurate or unlawfully held.
- Your right to data portability – You have the right to ask that we transfer all or specified personal data you gave us to another organisation, or to you, in certain circumstances, by means of a copy of the data provided in a machine-readable form (e.g. pdf, word, excel etc.).
- Your right to restrict data processing – You have the right to ask us to restrict processing of your personal data in certain circumstances, e.g. you have an issue with the content of the information that we hold. This may be used as an alternative to erasing your data.
You are not required to pay any charge for exercising your rights. If you wish to exercise any of these rights, please contact us using the details in Section 7. We will respond to your request consistent with applicable laws. To protect your privacy and security, we may require you to verify your identity.
7. How to contact us
Wondr Medical is a company registered in England (company number 10413945) with it’s registered office at Finsgate 5-7, Cranwood Street, London, EC1 V9EE (collectively referred to as “Wondr Medical, “we”, “our” and “us” in this privacy notice).
If you have any questions about this privacy notice, concerns how your personal data is used by us, or wish to make a request to exercise your legal rights, you can contact our Data Protection Office (DPO) using the details below.
Name: Elisa Voros
E-mail: dpo@wondrmedical.net
Postal Address: Finsgate 5-7, Cranwood Street, London. EC1 V9EE
If you are not satisfied with our response, or if we cannot resolve your complaint you can also contact the Information Commissioner’s Office (“ICO”). Please note that nothing prevents you from taking a matter to the ICO before having spoken to us, nor does anything prevent you from taking a matter to the relevant data protection regulator in your home country.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Our EU Representative
If you are based in the EU or EEA, we have appointed a representative based in the EU for you to contact with any issues or queries you may have relating to our processing of your Personal Data. Our EU representative is Thomas Rickert who can be contacted directly by emailing Thomas@rickert.law.