Privacy Notice – MEG (Medical EGuides Ltd)

Last updated: October 2025

At MEG, we build software that helps healthcare professionals work safely and efficiently. Protecting personal data is central to how we do business. We are committed to complying with our obligations under the General Data Protection Regulation (the "GDPR") and respecting your right to privacy.

Who We Are

Medical EGuides Ltd ("MEG", "we", "our", "us") provides digital tools and platforms used by healthcare organisations worldwide. We are registered in Ireland (Reg. No. 581747) with offices in Dublin, the UK, the UAE and Australia. We are regulated by the Data Protection Commission (DPC - Ireland) as our lead supervisory authority.

PART A: WEBSITE PRIVACY POLICY

This section applies to visitors to megit.com and our associated online properties.

Important: You should not use this website if you are not happy with this Privacy Policy. By visiting this website, you are accepting the terms of this Policy. Any external links to other websites are clearly identifiable as such, and we are not responsible for the content or the privacy policies of those other websites. When we link to another website, it does not constitute an endorsement of that website by MEG.

Information We Collect on Our Website

We retain two types of information:

Non-Personal Data

You can browse the Website without telling us who you are or revealing any personal information about yourself. Like most websites, we gather statistical and other analytical information collected on an aggregate and anonymous basis from all visitors to our Website.

This "Non-Personal Data" comprises information that cannot be used to identify or contact you, such as:

  • Your domain name, browser type, operating system

  • Device type

  • The website that referred you to us

  • The files you downloaded and pages you visit

  • The dates/times of those visits

  • Other anonymous statistical data involving the use of our website

This information is used in an aggregate form to get a better understanding of how people use the website, e.g. which pages are most popular, which links people find most useful, etc. This helps us to improve the website and provide better information and support for those who use it.

Personal Data Collected via Website

"Personal Data" is data that identifies you or can be used to identify or contact you. Personal Data is collected only with your knowledge and permission and is securely retained by MEG.

If you choose not to provide Personal Data, you can still browse and use the website, but certain functions/services may not be available without providing the necessary Personal Data.

Personal Data is only collected from you if you voluntarily submit it to us, apart from your IP address, which is considered personal data under the GDPR and is collected by the cookies that MEG uses on this website.

Specific Use Cases and Legal Basis:

(a) Newsletter and Marketing Materials: If you register with MEG for our newsletter or download an ebook/whitepaper, you may be asked to provide personal data such as your email address. The Company is relying on your consent (opt in) as the legal basis for processing this data. If you choose to opt out, we will not retain any personal data relating to you. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each mailing.

(b) Contact Form: If you complete the "contact" option on our website, you will be asked to provide personal data such as your name, email address, and phone number. The Company is relying on legitimate interest as the legal basis for processing this data, and we will retain your details.

(c) Request for Information: If you complete the request for further information, you will be asked to provide personal data such as your name, email address and phone number. The Company is relying on legitimate interest as the legal basis for processing this data, and we will retain your details.

Cookies

When you visit megit.com:

  • We use cookies to enable website functionality, analyse usage, and improve user experience

    • Session cookies expire when you close your browser

    • Persistent cookies help remember preferences and track visits for analytics

  • We use Google Analytics and similar tools to understand traffic trends in an aggregated, anonymised way

  • This Website does not use cookies to hold personally identifying information

  • You can manage or disable cookies through your browser settings

Disclosure of Website Visitor Information to Third Parties

  • We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties

  • This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential as part of their contract with MEG

  • We may release your personal data where compliance with legal requirements is a necessity

  • We reserve the right to enforce our site policies in order to protect our rights and the rights of other individuals in a manner that is safe and compliant with the law

  • If data is transferred outside the EEA or UK, we use EU Standard Contractual Clauses, Adequacy Decisions, and equivalent safeguards to protect it.

Your Rights as a Website Visitor

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to find out if MEG holds personal information about you and be given a description of the personal data and the purpose(s) for holding your information

  • The right to request a copy of your personal data which MEG holds about you

  • The right to request that MEG corrects any personal data if it is found to be inaccurate or out of date

  • The right to request that your personal data be erased where it is no longer necessary for MEG to retain such data

  • The right to withdraw your consent to the processing at any time, if consent is the condition for processing

  • The right to request that MEG provide you with your personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability) - only applies where the processing is based on consent or is necessary for the performance of a contract and the data controller processes the data by automated means

  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction be placed on further processing

  • The right to object to the processing of personal data - only applies where processing is based on legitimate interests, direct marketing, or processing for scientific/historical research and statistics

  • The right not to be subject to a decision based solely on automated processing, including profiling

  • The right to lodge a complaint with the Data Protection Commission

PART B: HEALTHCARE SERVICES PRIVACY NOTICE

This section applies to healthcare organisations that use MEG software and platforms, and to the processing of data within those systems.

Our Role Under Data Protection Laws

Depending on the context, MEG may act as:

  • Data Processor – when processing information on behalf of our healthcare organisation customers (the data controllers)

  • Data Controller – for our own employees, contractors, suppliers, and business operations

  • Joint Controller or Data Owner – in limited cases defined by contract

Important: When you use MEG software as part of your healthcare organisation's system, that organisation controls your personal data. You should contact them directly to exercise your data protection rights. MEG supports all such requests promptly and securely on their behalf where needed.

Information We Process for Healthcare Organisations

When acting as a data processor for healthcare organisations, we may process:

  • Contact details (name, email, phone number, role, organisation)

  • Technical data (device type, browser, IP address, usage logs)

  • Account credentials (as configured by the customer)

  • Limited location data when users opt in (e.g. to display local indexes)

  • Healthcare-related data as defined by the customer organisation

Purposes and Legal Basis for Processing Healthcare Data

We process personal data for:

  • Delivering and supporting our software and services (Contractual necessity)

  • Managing customer accounts, billing, and support (Contractual necessity)

  • Meeting legal, regulatory, and compliance obligations (Legal obligation)

  • Improving and securing our systems (Legitimate interest)

We never use customer data for marketing, profiling, or any unrelated purpose.

Where Healthcare Data Is Stored

All healthcare data processed on behalf of our customers is hosted on Microsoft Azure, in secure data centres located within the local region of the healthcare organisation we serve.

If data is transferred outside the EEA or UK, we use EU Standard Contractual Clauses, Adequacy Decisions, and equivalent safeguards to protect it.

Security & Certifications

We maintain independent certifications to ensure the highest standards of data protection and cybersecurity:

  • ISO 27001:2022 – Information Security Management

  • ISO 27017 & ISO 27018 – Cloud security and data protection in the cloud

  • Cyber Essentials – UK Government-endorsed cybersecurity framework

  • NHS Data Security and Protection Toolkit – For organisations handling NHS data

  • SOC 2 Type II – Independent attestation of internal controls

  • HIPAA compliant – Meeting U.S. healthcare privacy and security requirements

These certifications guide our policies, staff training, encryption, and system design. You can rely on these certifications as guarantors of the highest security standards - and in most cases, they mean we already meet or exceed your healthcare organisation's own security and compliance requirements.

Security Measures

We protect data using:

  • Encryption in transit and at rest

  • Multi-factor authentication

  • Role-based access control (least privilege)

  • Continuous monitoring and regular audits

  • Annual external penetration tests

In the unlikely event of a data breach, MEG will notify affected customers and relevant authorities within 72 hours, where required by law.

Data Sharing for Healthcare Services

We only share data with:

  • Trusted service providers (e.g. Microsoft Azure, analytics or support platforms) who act under written data-processing agreements

  • Regulatory or legal authorities when required by law

We do not sell or commercially share personal data.

Data Retention for Healthcare Services

We retain personal data only for as long as:

  • It is necessary to fulfil our contractual or legal obligations; or

  • The customer instructs us to delete it

Data is securely deleted or anonymised after this period. Backup data is overwritten within 14 days of deletion.

Your Rights - Healthcare Service Users

Under GDPR and other applicable privacy laws, healthcare service users (or their organisation) have the right to:

  • Access a copy of personal data

  • Correct inaccurate or incomplete data

  • Request deletion or restriction of processing

  • Object to processing (where applicable)

  • Withdraw consent (where applicable)

  • Request portability of data (where applicable)

  • Request restriction where there is a dispute

  • Not be subject to automated decision-making, including profiling

  • Lodge a complaint with your local Data Protection Authority or the Irish Data Protection Commission

When MEG acts as processor, these rights must be exercised through your healthcare organisation.

PART C: EMPLOYEE AND BUSINESS DATA

For our employees, contractors, and suppliers, MEG acts as data controller. We process only what is required for employment, payroll, compliance, or business operations, and we retain data only as long as legally necessary.

UPDATES TO THIS NOTICE

We may update this Privacy Notice periodically to reflect changes in laws, technology, or our services. The latest version will always be available at megit.com/privacy-policy.

CONTACT US

If you have questions or requests related to data protection or this notice, contact:

📧 Email: dataprotection@megit.com (Data Protection Officer)
📍 Address: The Digital Depot, Thomas Street, Dublin D08 TCV4, Ireland
☎️ Phone: +353 87 706 43 22