Privacy Policy

Last Updated: February 22, 2026

Welcome to MDRCert ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, process, and safeguard your personal information when you visit our website (https://mdrcert.com) or engage with our medical device regulatory consulting services.

We operate in strict compliance with the General Data Protection Regulation (GDPR) and other applicable international data protection laws.

Information We Collect

We collect information both directly from you and automatically when you use our website. This includes:

Personal Data You Provide to Us

When you interact with us (e.g., requesting a quote, filling out a contact form, subscribing to our newsletter, or entering a consulting agreement), we may collect:

  • Identity Data: First name, last name, job title, and company name.
  • Contact Data: Email address, phone number, and billing/mailing address.
  • Professional Data: Information regarding your medical devices, regulatory needs (e.g., EU MDR, IVDR, ISO 13485), and technical documentation inquiries.

Automatically Collected Data

When you navigate our website, we may automatically collect technical data to improve user experience and monitor site performance:

  • Technical Data: IP address, browser type and version, time zone setting, operating system, and platform.
  • Usage Data: Information about how you use our website, pages viewed, time spent on pages, and referring URLs.

How We Use Your Information

We use the data we collect solely for the purpose of communicating with you and delivering our expert regulatory services. Specific uses include:

  • Service Delivery: To provide requested services, such as MDR consulting, gap analysis, PMCF planning, and registration strategy.
  • Communication: To respond to your inquiries, provide quotes, and send administrative information.
  • Marketing (With Consent): To send our newsletter or updates regarding medical device regulations, only if you have opted in. You can unsubscribe at any time.
  • Website Optimization: To analyze site traffic and improve our website’s layout, content, and security.
  • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements.

Legal Basis for Processing (GDPR Compliance)

Under the GDPR, we must have a legal basis to process your personal data. We rely on the following bases:

  1. Contractual Necessity: Processing is necessary to fulfill a contract with you or take steps prior to entering a contract (e.g., providing a quote).
  2. Legitimate Interests: Processing is necessary for our legitimate business interests, provided those interests do not override your privacy rights (e.g., website security, B2B marketing).
  3. Consent: Where you have explicitly given us consent to process your data (e.g., subscribing to a newsletter).

Data Sharing and Third Parties

We never sell, rent, or trade your personal information. We only share data with trusted third parties under strict confidentiality agreements when necessary to operate our business:

  • Service Providers: IT support, website hosting, CRM software, and email delivery services (e.g., Google Workspace).
  • Professional Advisors: Lawyers, auditors, or insurers when necessary.
  • Legal Requirements: We may disclose your data if required by law or in response to valid requests by public authorities.

Data Security

We implement robust technical and organizational measures to ensure a level of security appropriate to the risk of processing your data. This includes SSL encryption, access controls, and secure data storage environments.

However, please be aware that no transmission of information over the internet is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

Your Data Protection Rights

If you are a resident of the European Economic Area (EEA) or the UK, you have specific rights under the GDPR, including:

  • The Right to Access: You have the right to request copies of your personal data.
  • The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
  • The Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
  • The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data.
  • The Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you.

To exercise any of these rights, please contact us using the information below.

Cookies and Tracking Technologies

Our website uses cookies to enhance functionality, analyze traffic, and personalize content. For detailed information on the types of cookies we use and how you can control them, please refer to our Cookie Policy or manage your preferences via your browser settings.

Third-Party Links

Our website may contain links to industry resources, partner websites, or Notified Bodies. If you click on a third-party link, you will be directed to that site. We strongly advise you to review the Privacy Policy of every site you visit, as we have no control over and assume no responsibility for their content or privacy practices.

Contact Us

If you have any questions about this Privacy Policy, the data we hold on you, or if you would like to exercise one of your data protection rights, please do not hesitate to contact us: