Privacy Policy

Updated 17 September 2021.

Medesk Limited (“our”, “us” and “we”) are committed to protecting and respecting your privacy. We value your privacy and the security of your data and we want to be transparent about the collection, use and sharing of information about you.

This privacy policy (“Privacy Policy”) and any other documents referred to in it, sets out the basis on which we collect and process your personal data as a data controller when you use our services (“Services”) and/or our website (, (“Site”) and other interactions with us through other means such as customer service, discussing or contracting one of our professional services or at direct conversations and events.

We have produced this Privacy Policy to communicate and explain how we process personally identifiable information (personal data) that we collect about you when you use the Services or Site.

By using or accessing the Site or the Service and providing us with your personal data, you are accepting the practices described in this Privacy Policy, and you are consenting to our processing of your personal data as set forth in this Privacy Policy.

Please note:

This Privacy Policy does not apply to any personal data you provide to us when we process personal data on your behalf as your data processor i.e. where we process customer data within the cloud service we provide to you, as a BTB service provider.

Data Controller

For the purposes of EU and UK data protection laws and any applicable national implementing laws, regulations and secondary legislation relating to the processing of personal data (together “Data Protection Law”), the data controller is Medesk Limited of 3rd Floor, 207 Regent Street, London, W1B 3HH, UK.

Data Protection Officer

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions about this Privacy Policy who can be contacted as set out at the end of this Privacy Policy.

We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:

  • To fulfil our contractual obligations to you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • To comply with a legal obligation.
  • To the extent we process your personal data for any other purposes, we ask for your consent in advance or require that our partners obtain such consent.

How we collect your data

When you visit our Site or use our Services, we collect personal data. The ways we collect it can be broadly categorised into the following:

  • Identity Data:includes first name, middle name, last name, username or similar identifier, title, date of birth and gender.
  • Contact Data:includes billing address, delivery address, email address and telephone numbers.
  • Financial Data:includes bank account and payment card details.
  • Transaction Data:includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data:includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Site or the Services.
  • Profile Data:includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data:includes information about how you use our Site and Services, including the full Uniform Resource Locators (URL) clickstream to, through and from our Site and Services (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
  • Marketing and Communications Data:includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Aggregated Data:We also collect, use and share statistical or demographic data for any purpose. This Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

How we collect your data

We use different methods to collect data from and about you including via:

  • Direct Interactions. You may give us your Identity, Contact and Financial Data when you fill in forms or correspond with us by post, phone, email or otherwise. This includes personal data you provide when you register to use our Site or to receive our newsletter, subscribe to use our Services, create an account to use our Site or Services, request marketing to be sent to you, search for a product or place an order on our Site, participate in discussion boards or other social media functions on our Site, enter a competition, promotion or survey, attend a conference or webinar, give us feedback or contact us and when you report a problem with our Site or Services.
  • Purchases: If you make purchases via our Site or within any Services, or register for an event or webinar, we may require you to provide your Identity, Contact, Financial and Transaction Data.
  • Automated Technologies or Interactions. As you interact with our Services, Sites or emails, we automatically collect Technical Information about your device, browsing actions, patterns, Location Data and Usage Data. We collect this personal data by using cookies, server logs, web beacons, pixels, and similar technologies about your device, and your use of our Site and Services. We may also receive Technical Data and Location Data about you if you visit other websites employment our cookies. Please see the Cookie section below for further details.

If we don’t collect your personal data, we may be unable to provide you with all the Services, and some functions and features on our Site may not be available to you.

Information received from third parties

We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive the following personal data about you from them:

  • Technical Data: from analytics providers, advertising networks and search information providers such as Google, Segment, Mixpanel.
  • Contact, Transaction and Financial Data: from providers of technical, payment and delivery services such as PayPal, Stripe, GoCardless, FastSpring.
  • Identity and Contact Data: from providers of chat/communication services with customers including via email such as Intercom.
  • Email Communications and Contact Data: from providers of email communications service providers such as Google, SendGrid, Mailigen.
  • Business Contact and Financial Data: from CRM service providers who manage contacts and keep a record of communications/ interactions with customers such as Pipedrive, HubSpot.
  • Contact Data and Financial Data: from our cloud accounting system that stores email and names of persons sent invoices by email, such as QuickBooks.

Information collected from other sources

We also collect personal data about you from publicly available sources. We may combine this information with personal data provided by you. This helps us update, expand, and analyse our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. We also use this for the purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying Contact Data. The personal data we collect includes:

  • Identity and Contact Data:from publicly available sources such as Companies House, your business Website, yellow pages etc.
  • Identity, Contact and Profile Data:that is published about you on social media profiles such as LinkedIn, Facebook, Twitter etc.

Uses made of personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

| Purpose/Activity | Type of data | Lawful basis for processing | |