Through Medusa’s long-standing commitment to patient privacy, we are compliant with General Data Protection Regulation (GDPR) rules and guidelines. As a Data Processor, we provide assurances to our customers that our products and services are GDPR compliant. In some cases, Medusa’s customers are Data Controllers, and in other cases our customers are Data Processors and their customers are Data Controllers.
If you wish to make a request for your patient record under GDPR rules, please contact the EMS or health care provider(s) that provided your health care to make the request. If the health care provider uses Medusa as a Data Processor, we will support them in fulfilling your request within the rules of GDPR.
There are some key rules related to the GDPR Lawful Basis for data collection. Your EMS provider can provide you with their Lawful Basis for data collection and explain how that affects your rights related to your health care record held with the provider.
As part of our core business, Medusa Medical Technologies stores and maintains data on individual persons, including personally identifiable data, health data and potentially other special category data (e.g., race, religion). As a company, Medusa Medical Technologies has a Legitimate Interest to store and maintain this data through GDPR Articles 6(1)(f) and 9(2)(h).
This information is gathered at the behest of our EMS Providers (i.e., Controllers). The specific data that is collected is defined by the EMS provider. Medusa does not process or share this data, except at the explicit request of our EMS provider.
Medusa Medical Technologies retains this data for as long as it is required by the EMS provider.
If you have any questions or inquiries regarding your rights to this data (i.e., the right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object; rights in relation to automated decision making and profiling; the right to lodge a complaint with a supervisory authority), please contact the appropriate EMS provider. If you do not know the appropriate EMS provider, please contact Medusa Medical Technologies via our Contact Page and we will work with you to get that information.
On occasion, Medusa Medical Technologies conducts direct marketing (e.g., surveys, emails) to individuals. To receive these marketing messages, individuals need to specifically opt in. Medusa Medical Technologies does not use the data collected by our Customers for this purpose.
Individuals receiving this marketing material can opt out at any time. Instructions to opt out are provided on the marketing material itself. Alternatively, individuals can opt out by contacting Medusa Medical Technologies via our Contact Page.
If you have any questions or inquiries about your rights regarding any marketing material (i.e., the right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object; rights in relation to automated decision making and profiling; the right to lodge a complaint with a supervisory authority), please contact Medusa Medical Technologies via our Contact Page.
The Data Protection Officer for Medusa Medical Technologies is Glen Dexter. You can reach him through the Medusa Medical Contact Page.