Revisions Date: January 1, 2021
Our contact details:
Medical Electronic Systems Limited
20 Alon Hatavor Street, Caesarea Industrial Park, Israel Zip code: 3088900
Email: [email protected]
- GDPR: The General Data Protection Regulation (EU) 2016/679 (GDPR)
- Personal Data: Information relating to an individual who can be directly identified. Personal Data includes factual information as well as expressions of opinion or intentions.
- Data Controller / Controller: The organization that determines the manner and purposes for which Personal Data is to be processed. In this case, MES.
- DPO: The Data Protection Officer, a person appointed to deal with all data-related matters. Our DPO at the time of creating this policy is Taly Vider Cohen. You can address any data-related issues or questions to this person at the following email: [email protected]
- Processors: Staff members of MES authorized to discharge the responsibilities of the Data Controller.
- “Staff members” – employees, contractors, consultants, and anyone acting on behalf of our organization.
- Users: Any individual who either browses the public website, engages with our support, speaks with our staff, creates a profile, or uses our site or App or test kit.
- Personal Data Breach: Loss, theft, or unauthorized access, use or disclosure of Personal Data.
- “Our website” or “The site” – mes-global.com or www.yospermtest.com
- “Our App” – a downloadable mobile application – YO Home Sperm Test (“YO”) currently available on the Apple App store (https://apps.apple.com/us/app/yo-sperm-test-wi-fi/id1479375457) and on Google Play (https://play.google.com/store/apps/details?id=com.MES.YOtm2) and, in the future, could be available on additional sites or stores.
- “Third parties” – Suppliers, business contacts, staff members of our users and any other people that we may need to contact.
The Information That We Collect and Store:
Personal Data means any information about an individual from which that person can be identified. We currently collect and process the following information about some individuals (we don’t necessarily have some or all of this data about you):
If you sign up on the App or on the site, you create a profile that includes the following data:
- Profile Data: first name, last name, age, and gender.
- Contact Data includes approximate location data, email address, wi-fi name, internet connection details, connection speed.
- Communications Data includes your preferences in receiving marketing from us and your communication preferences.
We also collect the following data when you log onto the site or App, we collect:
- Technical Data: internet protocol (IP) address, browser type and version, time zone setting and location, operating system, and other technology on the devices you use to access this website.
- Customer Support Data includes feedback and survey responses. If you have engaged in a webchat or contacted us by email or on live chat, we will retain a record of that conversation
- Usage Data includes information about how you use our APP, website, products, and services.
As explained here, there are some very limited circumstances, when we collect data about your health which is a special category of Personal Data entitled to increased protection.
In most cases, when you use the App to upload test results, we do not know and have no way of knowing that results belong to a particular person. In these circumstances, although we have results data, they are entirely anonymous.
However, in some cases, such as a support enquiry or an issue concerning test results that we need to investigate, we may ask you to upload your results. In this case, we would have both personally identifiable information and the results of the user’s semen analysis tested by our App (YO Sperm Test), including qualitative results of MSC (motile sperm concentration), semen quality score (YO SCORE) and a video recording of the user’s sperm.
We acknowledge the particular sensitivity of your health data and have therefore implemented a policy that is meant to make sure that we never store more data than we need, we only store such data for the minimum amount of time required, we keep it under strict security protocol and dispose of it regularly. If you would like to know more, please get in touch with our DPO.
Other than the health data described above, we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How do we collect this information?:
Most of the personal information we process is provided to us directly in the following way/s:
- You create an account and provide us with your email address
- You upload test results
- When you create an account with us, you agree to disclose your personal data to us (specifically, your email, age, and location).
- When you upload your test results, you complete a declaration and agree to give us access to them for limited purposes.
We might also obtain data from additional sources:
What do we do with your information?
The information that we receive from you, is received for the following reasons:
- We analyze the test results to check whether the problem reported by the customer is related to a software bug or any other software issue. Then we are using the email address to get back to the customer.
- Geo-location data – we use this data to suggest physicians in your proximity.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
There are numerous justifiable reasons under the GDPR that allow collection and processing of Personal Data. We rely mainly on:
- Consent: Certain situations allow us to collect your Personal Data, such as when you provide us with your email or upload your test results and tick a box that confirms you authorize happy for us to receive this data, you are thereby consenting that we receive, hold, and process the data.
- Contractual Obligations: We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
- Legal Compliance: We’re required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.
- Legitimate Interest: We might need to collect certain information from you to be able to meet our legitimate interests – this covers area that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom, or interests. Examples could be your geolocation, so that the App can suggest physicians or other service providers in your physical proximity.
For the collection of special category data (health information), we rely on explicit consent.
We may share this information with:
We may share non-personal data with third parties to, for example (but not by way of limitation), improve our site, App, or services.
We may share your Personal Data with subcontractors (only when necessary and with your consent) or affiliates (subject to confidentiality obligations to use it only for the purposes for which we disclose it to them and pursuant to our instructions).
We may also share Personal Data with interested parties in the event that MES anticipates a change in control or the acquisition of all or part of our business or assets or with interested parties in connection with the licensing of our technology.
How we store your information
Your information is securely stored in Firebase, Bigquery, and Mongo DB. We store the data on secure cloud services running in the United States. Firebase and Bigquery are part of Google. Google and MongoDB are organizations committed to privacy and have stated that the model clauses relating to transfer of data between the EU and United States are fully compliant with the GDPR. We urge you to read their statements and policies in full.
We generally don’t delete the information that we hold for the benefit of our users who may want to use our services in the future but in the event that we requested results data, which is special category data, we would make every effort not to hold it for more than a year and we will do so by fully anonymizing any results data that we have received such that it could not be linked to a particular person. You can also request to delete data which refers to you by ticking a checkbox.
We have implemented a concept of security by design and constantly apply rigid data protection measures to secure your data.
We take at least the following measures:
- We are protecting databases with unique password (database is accessible from a website with is password protected)
- Each internal user has a unique password.
- We encrypt our databases.
- We encrypt our passwords.
- We implemented an Audit trail, so that we can investigate any issues.
- We conduct regular vulnerability testing at least once a year
- We maintain a risk management policy, regularly assess, and address risks related to privacy and security
- We use an encrypted HTTPS protocol for our websites.
Even though we follow industry best practices and make great efforts to protect your data, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure or have any reason to believe that a data breach has occurred, please contact us urgently.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erase your data – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances.
- California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and to provide contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the DPO.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact our DPO with any data-related issues including any of the requests detailed above.
- Marketing consent – You will receive marketing and new content communications from us if you have created an account. You can ask us to stop sending you marketing messages by changing the communication preferences in your account with us. This can be done by logging into the account and unticking the relevant checkbox.
- Purpose – We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Our DPO is always available to explain how the new purpose is compatible with the original purpose. We may process your personal data without your knowledge or consent, but we must have a legal basis to do so as detailed above.
- How long will we retain your data for? – we will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your Personal Data for a longer period than usual in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
- International transfer of data – your information may be stored and processed in the United States or other countries or jurisdictions outside the US where we have facilities. Insofar as we store data in the US, we will always use providers that have implemented the model contract clauses that enable transfer of data between the EU and the US. by using the YO APP, you are permitting and consenting to the transfer of information, including personal data, outside of the US.