Privacy Policy

Your privacy is a priority for MediPaper Medical Communications Ltd, a company from Hong Kong with headquarters in 398 Kwun Tong Road,Unit 703 7/F Eastcore, and VAT number 67601118 (hereinafter referred to as the “Company”). The Company is the Data Controller of the applicants’ (the “Applicants”) personal data and undertakes to respect them, to process them with utmost care and to provide the best level of protection for them in accordance with Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) and with the applicable national rules.
This privacy notice provides information on what personal data we collect and the purposes for processing it along with your rights and the means of exercising them. Please read the following carefully to understand our views and practices regarding your personal data and how we will handle it. Any questions relating to the processing of your personal data can be sent to the following email address: admin@medipr.org.

1. Purposes of the processing and legal basis

The Company collects and uses your personal data in the framework of your application for a current or future employment at the Company. The legal ground for the processing of your personal data for the purposes of an actual application is the execution of a pre-contractual measure (Article 6.1. b) GDPR). The legal basis for the processing of your personal data (storage) for the purposes of a future vacancy is consent (Art. 6.1. a) GDPR). Certain information (e.g. visa status, work permits, etc.) will be collected and processed for the purposes of compliance with a legal obligation (Art. 6.1. c) GDPR).

2. Personal data processed

The Company processes the following personal data in the framework of a recruitment:
• Personal identification data;
• Address and email address;
• Telephone number;
• Video (in case interviews are conducted using this means);
• Demographic characteristics;
• Nationality and, if needed, proof of identity, work permit and residence document (mandatory inspection by the law on the employment of foreign employees);
• Resume, cover letter, information on education/degrees and professional experience;
• Information you share in application interviews, CVs or through correspondence;
• Photographs;
• Psychological data;
• Hobbies and interests;
• Information about you publicly accessible on the internet;
• Criminal record extract (if legally obliged);
• References (only with your consent);
• Details of your visit to our website or our Recipients websites (e.g., traffic data, location data, weblogs, etc.);
• Data from social media (LinkedIn).

3. Recipients

The Company may grant subcontractors access to your personal data for the processing on our behalf and in accordance with our instructions. Depending on your particular circumstances, one or more of the following could be recipients of your data:
Factorial HR, HR Platform, Spain
Sendgrid (Twilio), Email Delivery Service, Ireland
Amazon Web Services (AWS), Web Hosting, Germany
Microsoft Azure, Germany

4. Automated Decision Making/Profiling

Some of our providers allow us to select appropriate candidates to consider based on criteria expressly identified by us, or typical in relation to the role for which you have applied. The process of finding suitable candidates is automatic, however, any decision as to who we will engage to fill the job opening will be made by our staff. This process is performed based on legitimate interest in order to facilitate the recognition of candidates with higher potential of being hired. It does not evaluate key characteristics regarding an individual and is completely anonymous.

5. Security

The Company has taken appropriate measures to ensure that all personal data is kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
The Company also has procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are required to do so.

6. International data transfers

The Company hosts its platform and your personal data in the European Economic Area, more specifically in Region EU-West1 of Amazon Web Services, in Frankfurt, Germany.

7. Storage period

If your candidacy succeeds, we will enclose all the information obtained about you during the selection process in your Employee file. If your candidacy does not succeed, we will store your personal data no longer than is necessary for the purposes for which it was processed if you have granted your consent for this purpose.

8. Your rights

Under the GDPR you have certain rights when it comes to our processing of your personal data:
Right to be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights.
Right of access: You have the right to obtain access to your personal data.
Right to rectification: You are entitled to have your personal data rectified if they are inaccurate or incomplete
Right to erasure: This right enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not an absolute right to erasure and exceptions apply.
Right to restrict processing: You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but may not use it further.
Right to data portability: You have a right to obtain and reuse your personal data for your own purposes across different services.
Right to object to processing: You have the right to object to certain types of processing.
Right to lodge a complaint: You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection authority.
Right to withdraw consent: If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time.
Right not to be subject to automated-decision making: You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal (or similarly significant) effects to you.
The Company usually acts on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
• baseless or excessive/repeated requests; or
• further copies of the same information.
You can address your communications and exercise your rights by sending written communication to the following e-mail address admin@medipr.org. In some cases, the request may be refused if you ask for the deletion of data necessary for the fulfilment of legal obligations.

9. Complaints to the Data Protection Supervisory Authority

The Company aims to resolve any query or concern you raise regarding the use of your personal information. Every data subject has the right to lodge a complaint with a supervisory authority. If you consider that our processing of the data in question breaches provision of data protection law. You can assert this right to lodge a complaint with a supervisory authority in the Member State where you are domiciled, at your place of work or at the place of the alleged breach.