Privacy Policy Last Updated May 24th, 2018

This Privacy Policy applies to your Personal Data when you use the Service or visit www.findmecure.com or use our Services through this website. Please, take time to read it carefully. We want you to be clear how we use your information and the ways in which you can protect your privacy.

This Policy is an integral part of the our Terms of Use (the “Terms”).

FindMeCure stresses its privacy and security standards to guard against identity theft and provide security for your personal information. We regularly re-evaluate our privacy and security policies and adapt them as necessary to deal with new challenges.

  1. Who uses your information

    2. The company, which uses your information as a controller of personal data is: FINDMECURE LTD. - a company incorporated under the law of the England and Wales, registered into the Registrar of Companies for England and Wales under company number 10821379.

    Contract person for privacy matters:

    • Name: Ivaylo Yosifov
    • Phone: +359899106405
    • Email: ivo@findmecure.com

  2. Personal Data (Personally Identifiable Information)

    3. In the course of using the Service, we collect some personal data relating to you. Here is what we collect and what we use it for:

    • When you create your profile, we ask for your name, telephone number, e-mail address, country of residence and medical condition.
    • We need your name and e-mail address, telephone number, in order to identify you and to communicate with you in relation to the Services we provide to you.
    • We need an indication of your country of origin and medical condition in order to identify any suitable program or another initiative as part of the Service which you have optioned to use. Without this information, we cannot provide you with personalized recommendations designed only for you in view of the specifics of your condition.
    • We shall not be using your contacts for any promotional, direct or indirect marketing reasons. We shall only send you useful materials about your condition and clinical trials, as we have engaged to do as part of our Services.

    The information about your medical condition is treated with high level of privacy and confidentiality by the applicable data protection legislation, so we need your explicit consent to receive and process this data, which you can withdraw at any time. Immediately after you delete your profile or terminate using the Services in any other way, your health data collected will be erased or anonymized in accordance with the law.

    The information about your medical condition will be collected only after consent given by you.

    You may withdraw your consent at any time by writing to our Contract person for privacy matters in any convenient way: by letter or e-mail at the addresses stated above. You may also withdraw your consent very easily with the special feature, installed in your profile specially to provide you with that option.

    We shall not use any other personal data, except for categories of data, described above. We will ask for your explicit consent before using personal data for a purpose other than those that are set out in this Privacy Policy.

  3. Collection of data

    4. We collect personal data only from the person concerned. As entering personal data is personal and voluntary for everyone, each person shall be responsible not to provide third person’s personal data.

    We provide Services to, allow registration and collect personal data only to persons aged 18 and over. If aged under 18, please ask for the assistance of a person aged at least 18 in order to use our Services.

    If we obtain actual knowledge that we have collected personal data from a person under the age of 18 in violation of the legal requirement, we will promptly take appropriate measures and we may delete it, unless we are legally obligated to retain such data. Please, contact us, if you believe that we have mistakenly or unintentionally collected information from a person under the age of 18 in violation of the legal requirements.

    If you would like to register and enter the personal data of your child aged under 18, we shall need your explicit consents, so please send us an email to the email address above, stating your name, the name of your child and a declaration that you are his/her parent as well as a declaration that you agree us to process his/her data s described in this Privacy policy. Please, keep in mind that it shall be a substantial breach of data protection law, if you provide us with untrue information, data or declarations regarding a minor and you shall bear all responsibility for processing third person’s personal data in violation of the applicable law.

  4. Retention and Deletion

    5. FindMeCure will retain your Personal data for as long as your account is active; as needed to provide you the Services; as needed for the purposes outlined in this Privacy policy or at the time of collection; as necessary to comply with our legal obligations (e.g., to honor opt-outs), resolve disputes and enforce our agreements; or to the extent permitted by law.

    After terminating your profile, we shall delete or anonymize all your personal data in accordance with the requirements of the applicable legislation in a manner designed to ensure that it cannot be reconstructed or associated with you.

  5. Processing and Sub processing

    6. We take appropriate contractual, technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. We make sure that personal data is only accessible by only those who need access to do their job, and that they are properly trained and authorised. Our staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of data. Staff is required to execute a confidentiality agreement and are provided with proper training in online privacy and security.

    For providing quality Services we engage third party service providers - Sub processors, carefully selected according to their capacity for personal data protection and processing in compliance with our obligations under the GDPR. We provide personal data to our Sub processors only to process it for us, only based on our instructions and only in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. We do no sell or disperse your persona data otherwise.

    Based on the above we store data information in the European Union and the United States. We always make sure that our data processor partners are part of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. We have signed DPAs (Data Processing Agreements) with every data processors, which stores data outside of European Union. Here is a list of the third-party data processors we use:

    • Microsoft Corp.
    • Google Ireland Ltd.
    • Typeform S.L.
    • Freshworks, Inc.
    • Hubspot, Inc.
    • Intercom, Inc.
    • SendGrid, Inc.
    • Trello, Inc.
    • Slack Technologies Ltd.
    • FMC Ltd, Bulgaria.

  6. What We Share

    7. We do not share personal information with companies, organizations and individuals. We may share some information regarding clinical trials with third parties, nut such information shall be anonymized and no third party shall receive individualized information about you. We may also share non-personally identifiable information publicly and with our partners. For example, we may share information publicly to show trends about the general use of our Services or clinical trials in general.

    We may share data in case one of the following circumstances applies:

    1. With your consent - we will share personal information with companies, organizations or individuals when we have your consent to do so.
    2. For making some services possible – to third party processors, as described above.
    3. For legal reasons - we will share personal information with companies, organizations or individuals, if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
      1. meet any applicable law, regulation, legal process or enforceable governmental request.
      2. enforce the applicable Terms of Use, including investigation of potential violations.
      3. detect, prevent, or otherwise address fraud, security or technical issues.
      4. protect against harm to the rights, property or safety of our company, our users or the public as required or permitted by law.

  7. Non Personally Identifiable Information

    8. Personal Content that does not personally identify you (“Non Personal Identifiable Information”), may be collected in the following ways:

    • Information that your browser sends when you visit a website or online service (“Log Data”). This Log Data may include, but is not limited to, your location, browser type, the web page you were visiting before you access the Service and information you search for using the Service.
    • Like many services, our site uses “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service and to monitor web traffic routing and aggregate usage of the Service. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the website you visit. If you do not accept cookies, however, you may not be able to use all portions or all functionality of the Service.
    • We may use automated devices and applications, such as Google Analytics, to evaluate usage of the Service. We use these tools to help us improve the Service, performance and user experience. We may also engage third parties to track and analyze Service data or provide other services on our behalf. Such third parties may combine the information that we provide about you with other information that they have collected. This Policy does not cover such third parties’ use of the data. For more information and adjustments of these options you must go to the control panel of your Google account.

  8. Personal Security

    9. The security of your Personal Information is very important to FindMeCure. We use commercially reasonable physical, electronic and administrative safeguards that are designed to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Our data is encrypted both - at rest and in motion and our partners are world wide leaders in their respective domain and have taken top security measures.

    In the event that your Personal Information is acquired, or is reasonably believed to have been acquired, by an unauthorized person and applicable law requires notification, FindMeCure will notify you by e-mail. FindMeCure will give you notice promptly, consistent with the reasonable needs of law enforcement and/or FindMeCure to determine the scope of the breach and to investigate and restore the integrity of the data system.

  9. Rights

    10. You have the right to request a copy of your personal details at any time, to check the accuracy of the information held and/or to correct or update this information. You may ask your personal information to be transferred or deleted completely, if no enquiry from you is in progress. You also have the right to complain when your personal data protection rights have been violated. We will make commercially reasonable efforts to provide you with reasonable access to any of your personal information we maintain or correct it within 30 days as of receipt of your access request.

    Please, note that after deleting your information, you shall not be able to use adequately the Services. You have the right to delete data in a manner consistent with the functionality of the Services, if such deletion is in accordance with the GDPR. We will comply with this instruction as soon as reasonably practicable and within a maximum period of 30 days, unless EU or Bulgarian law requires storage. Please, note that we may keep that information for legitimate business or legal purposes or be required (including by contract or GDPR) to keep certain of information and not delete it (or to keep this information for a certain time, in which case we will comply with the deletion request only after we have fulfilled such requirements).

    If you wish to access, delete (when applicable) or correct your personal information please use the contacts listed on top. Please state clearly in the subject that your request concerns a privacy matter, and more specific whether it is a request to access, correction, transfer or deletion. Bear in mind that we may ask for additional information to determine your identity.

    You can at any moment unsubscribe from our newsletters and notifications, by sending a notification to the email stated on top or by using the link in the mails, but after that we shall not be able to provide you with the full set of Services, which includes regular update and information about clinical trials.

    We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems). Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort.

    Complaints, in case of conflict, can be addressed to the contacts listed on top. If you file a privacy-related complaint, we will collect your name and/or company name, name of a complaint-related person, email, and country location and details that gave rise to your complaint. We will use the information you provide to investigate your complaint and to send you an answer once your complaint is reviewed.

  10. Supervisory authority

    11. If you think we have infringed your privacy rights, you can lodge a complaint with the supervisory authority of UK, which is the Information Commissioner’s Office (ICO). More information can be found at: https://ico.org.uk.

    You can also lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your rights.