The EU General Data Protection Regulation, or GDPR (Regulation (EU) 2016/679), is the latest update to data protection laws covering the 28 nations of the European Union.
Until 25 May 2018, EU data privacy legislation had a limited impact on Medical Joyworks. However, Article 3 of the new regulation expands its territorial scope to include us, a United States LLC with establishment in Delaware, and with no offices in the European Union.
Consequently, with this legislation having come into effect on said date, we take this opportunity to share with you some of its key aspects, how we are ensuring our compliance with it, and how it all relates to you.
The information presented below is lengthy, but important. Therefore, we kindly ask that you find a comfy chair, get a large cup of freshly brewed coffee, and take a few minutes to carefully read what we are about to share here.
The Medical Joyworks team
The GDPR was enacted by the European Union and is intended to enhance the protection of natural persons with regard to the processing of their personal data. The GDPR does this by replacing the Union’s existing Data Protection Directive 95/46/EC and harmonizing the different data privacy laws in effect across the EU’s Member States.
The term processing is worth noting here. Under the GDPR, processing means:
Personal data is another important term, defined by the GDPR as:
You will want to keep these two terms in mind as you continue to read further!
The GDPR protects you, if you are:
Under Article 13 of this legislation, we (the data “controller” or “processor”) are obliged to provide you (the “data subject”) with concise, transparent, intelligible and easily accessible information on:
The GDPR’s Article 6 grants Medical Joyworks the legal right to process personal data, so long as one or more of the following 6 conditions are met:
Explained in our own words:
This means that the legal basis by which Medical Joyworks can process your personal data comes down to these specific reasons:
The GDPR makes clear in Article 4 what a personal data controller and a processor are:
There may be times when the controller and the processor are the same entity.
For our purposes here, your personal data is collected by Medical Joyworks and, where necessary, by essential third parties. These include:
The privacy policies across all our products and services have been clear and consistent on this matter since the Company’s founding in 2011; and, if anything, the GDPR only strengthens our commitment toward this level of clarity.
The personal data we are collecting and further processing is limited to what is outlined in our privacy policies:
We also store Facebook and Google Plus public profiles when you choose to authenticate yourself for the purposes of posting comments in our Properties (whenever the feature exists and is available), or for saving your personal data. In this instance, your previous gaming results (when applicable) are stored as well.
Any comments you post on our websites and apps are also collected. These identify your name, your profession, and your specialty, but no other personal details.
We also store a record of your visits in our server logs. These server logs typically include:
As stated in our privacy policies, we collect and further process anonymized information: data containing no personally identifiable information that could be used to trace its source, so that the people whom it describes can remain anonymous.
Under the GDPR’s Article 11, such data is not subject to the same treatment as personal data, particularly with regard to any desire you might have for accessing it, rectifying it or erasing it.
That said, the anonymized data we collect and further process is limited to the following:
We also generate an anonymous mobile device token to send push notifications to your mobile device when any new content is released via a downloaded gaming app product. This mobile token is created and managed by your mobile device’s operating system, and processed by a specialist third party provider.
We are also very candid in stating that we do not release this user data to any third parties, for any reason, unless we are required to by law.
Whenever you install any of our downloaded mobile products and services, or visit any of our web products and services, you are first asked to review and accept the terms of service we spell out for their use. The terms of service list detailed explanations regarding the personal and anonymized data we may collect and process, when this is done, and how.
Personal data is collected any time you decide to complete a registration survey we make available through our products and services. Anonymized data is collected any time you use our products and services.
Access to all data is done solely via the automated processes and systems we have created and procured from third parties; and control over these processes and systems is restricted to Medical Joyworks team members and third parties tasked with designing, maintaining and upgrading them. Said team members, and their supervisors, are accountable for any work performed on the automated processes, as well as the purposes for which said data may be used.
Below is an outline detailing all of the parties involved in the collection and processing of personal and anonymous data as part of the processing activities essential to the running of our Properties:
Whenever a third party is supplying a system essential for processing personal data and anonymous data, we receive contractual assurances from them stating that they comply with any necessary operational and legal requirements as stipulated by EU, US and other pertinent local and international laws.
We do not release any of your personally identifiable data to any third parties, for any reason, unless we believe that we are required to by law.
While our websites and apps are free of charge, our services are supported by advertising; and for this, we only disclose anonymized information.
This is something we clearly state in the privacy policies of all our products and services:
Chapter III of the GDPR (spanning Articles 12 through 23) provides a detailed listing of all your personal data privacy rights.
We present you with a detailed outline below:
Please be advised, Article 23 of your rights states that European Union or Member State law to which we are subject may restrict the scope of your rights and our obligations provided for in Articles 12 through 22.
Should any such restriction occur, we will do our best to notify you accordingly.
Your rights are our priority, and we strive to ensure them at all times.
There are many ways by which you can exercise your rights, depending on the personal data we may be collecting and further processing.
For mobile Properties, you can manage your data options by:
For web Properties, you can manage your data options by: