Privacy Policy
 
Version 2.0 – Last updated: May 2018

This is the Privacy Policy for the Messly Service (“we”,“us” and “our Service”). The Service is operated by Berdroot Developments Limited with a registered address of Kemp House, 160 City Road, London EC1V 2NX, United Kingdom, and company number 10470417.

We are committed to protecting and respecting your privacy.

This privacy policy has been prepared in line with the EU’s General Data Protection Regulation (GDPR) which takes effect on 25 May 2018. The GDPR promotes fairness and transparency for all individuals in respect of their personal data. This privacy policy Servicelies to all data we process, and by using Berdroot Developments Limited you consent to our collection and use of such data. If you would like to get in touch about anything in this policy or about your personal data then please contact us at support@messly.co.uk

This policy (together with the Terms of Use and any other documents referred to in it) sets out:
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By engaging with our Service you acknowledge you have read and understood this privacy policy.

For the purposes of European Economic Area data protection law, (the “Data Protection Law”), the data controller is: Berdroot Developments Limited, Kemp House, 160 City Road, London EC1V 2NX, United Kingdom.
Information we collect about you
We will collect and process the following personal data from you:
1. Information you give us
This is information about you that you give us directly when you interact with us.
This is information about you that you give us by filling in forms on our Service or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our Service, Servicely for a job posting, use our Service to directly message hospitals or trusts about a job posting, submit a query, and when you report a problem with our Service.
The information you give us may include:
2. Information we collect about you from your use of our Service
We will automatically collect information from you each time you use our Service. This includes technical information such as your Internet protocol (IP) address used to connect your device to the Internet, your login information, operating system and platform, version, time zone setting, plug-in types and versions.
We also collect information generated through the use of our Service, including:
3. Information we receive from other sources
This is information we receive about you from hospitals and trusts (“Organisations”). This includes your GMC number and your employment or bank registration status with the Organisation. GMC data is publically available at https://webcache.gmc-uk.org/gmclrmp_enu/ and is used for the purpose of affiliating new doctors using our Service with the relevant Organisations that they are employed by or otherwise verified by in order to provide medical services.
How we use your information
You can see a full list of the types of data we process, the purpose for which we process it and the lawful basis on which it is processed here. We use information held about you in the following ways: Information you give to us: We will use this information to take steps in order to enter into any contract or carry out our obligations arising from any contract entered into between you and us including: administering your account with us; storing your registration documents and providing them to Organisations upon request following your application for a relevant job posting; associate you with any Organisation for which you are already affiliated; notifying you about changes to our service We will also use this information to ensure in our legitimate interests that content from our Service is presented in the most effective manner for you and for your device, including ensuring that your experience is optimised in terms of relevance of job postings, content and access to resources, and ensuring that we provide you with the information that you request from us. 2) Information we collect about you from your use of our Service We will use this information in our legitimate interests, where we have considered these are not overridden by your rights to: administer our Service and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. keep our Service safe and secure. improve our Service to ensure that content is presented in the most effective manner for you and for your device. allow you to participate in interactive features of our service, when you choose to do so. 3) Information we receive from other sources We may combine this information with information you give to us and information we collect about you in our legitimate interests (where we have considered that these are not overridden by your rights). We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Who we give your information to
We may give your information to: any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy. Organisations to whom you are responding to a job posting as advertised on our Service. We share your information with organisations who process your personal data on our behalf and in accordance with our instructions and the Data Protection Law. This includes in supporting the services we offer through the Service in particular those providing data hosting services, distributing any communications we send, facilitating feedback on our services and providing IT support services from time to time. These organisations (which may include third party suppliers, agents, subcontractors and/or other companies in our group) will only use your information to the extent necessary to perform their support functions. We also share your information with analytics and search engine providers that assist us in the improvement and optimisation of our Service (this will not identify you as an individual). The full list of third parties with whom we share your information is: Intercom - Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield. Google Apps for Business - Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield. Amazon - Data is not transferred outside of the European Economic Area. PORT - Data is not transferred outside of the European Economic Area. Zapier - Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield. Typeform - Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield. Slack - Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield. Drift - Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield. Segment - Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield. We will disclose your personal information to third parties: In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this privacy policy. If Berdroot Developments Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its registered users will be one of the transferred assets. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or safety of Berdroot Developments Limited, our registered users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
Where we store your information
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) that may not be subject to equivalent Data Protection Law. Where your information is transferred outside the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism, and that it is treated securely and in accordance with this privacy policy. We may transfer your personal information outside the EEA: in order to store it; in order to enable us to provide services to you and fulfil our contract with you. This includes order fulfilment, processing of payment details, and the provision of support services; and where we are legally required to do so.
How we protect your information
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. We keep your information secure by following internal policies of best practice and training for staff, and by using Secure Socket Layer (SSL) technology when information is submitted to us online Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Service; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. In the unlikely event of a criminal breach of our security we will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, we shall also inform you. Our Service may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
How long we keep your information
We retain personal data for as long as you have an account with us in order to meet our contractual obligations to you and for six years after that to identify any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
Your rights
You have the right under certain circumstances: to be provided with a copy of your personal data held by us; to request the rectification or erasure of your personal data held by us. If you wish you erase your information, you are required to submit a request via the email account used to register with us. Upon verification of the source of request, the process will kick off for removing any personal data linked to the individual who raised the request. Following the completion of the process a notification will be sent to the individual within one month confirming the completion of the process. to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example); to object to the further processing of your personal data; to request that your provided personal data be moved to a third party. Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us. You can also exercise the rights listed above at any time by contacting us at support@messly.co.uk If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
Changes to this policy
Any changes we make to our privacy policy in future will be posted on this page and, in relation to substantive changes, will be notified to you by e-mail.
Contact Us
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to: Berdroot Developments Limited Kemp House, 160 City Road, London EC1V 2NX, United Kingdom, support@messly.co.uk