Updated on January 18, 2022
MedLogic is on a mission to stop breaches. We have numerous Offerings, including but not limited to platform and cloud-based security and intelligence subscription services, app store software and integrations, professional services, free community security tools, and more. Our Offerings are designed to provide cutting-edge security solutions to our customers. We lead the industry in cloud-native crowdsourced security, applying big data analytics in order to detect, contain, and mitigate network intrusions, protect data, assess risk, and identify attackers. For more information about MedLogic, please see the “About Us” section of our Website at https://www.medlogic.com/about-us
This Privacy Notice (“Notice”) describes the manner in which MedLogic, Inc. and its affiliates (collectively “MedLogic”) collect, use, maintain, and disclose information from users of our websites (e.g., medlogic.com, medlegal.legal, subdomain.medlogic.com, subdomain.medlegal.legal) (collectively, “Websites”), event participants, prospective customers, or other situations in which MedLogic is a data controller, and from the use of our products and the performance of our services (our “Offerings”). For purposes of this Notice, the terms “user,” “customer,” “you,” and “your” are meant to refer to the individuals about whom we may collect personal information, and at times may be used within the Notice interchangeably.
If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice.
2. DATA COLLECTION AND USE
2.1 Why Does MedLogic Collect Personal Information?
MedLogic processes personal information in the course of running our websites, processing payments, registering visitors to our offices and events, managing contests and promotions, providing support, improving user experience, running our infrastructure, preventing fraud, protecting intellectual property, maintaining endpoint and network security, enforcing our legal rights, sending marketing and other communications, processing agreements, complying with our legal obligations, and to achieve other legitimate interests as well as where you have provided consent. Personal information, such as contact information, is collected from websites, web portals, offerings, events, partners, office visitor registration systems, and where you have provided it directly to MedLogic.
2.2 What Personal Information Does MedLogic Obtain?
To fulfill the purposes described in this Notice, MedLogic may collect personal information such as name, contact information, technical unique identifiers, authentication credentials, or other personal information you choose to provide to MedLogic. For example, as described in specific sections of this Notice may include, among other things, the Internet Protocol (IP) address, browser information, device ID, the type of computer and technical information about a user’s means of connection to our Websites or Web Portals, such as the operating system and the Internet service providers utilized and other similar information. From users who are required to login to gain access to a particular Website feature or Web Portal, we collect usernames, passwords, and other login credentials that are used for the purpose of verifying user authorization to access the feature or Offering.
2.3 Where Does MedLogic Obtain Personal Information?
MedLogic Websites provide Internet based access for users to learn about MedLogic and its Offerings and to communicate with MedLogic and with others. MedLogic web portals that may exist within our Offerings (“Web Portals”) provide customers with Internet based access to our Offerings. When an individual uses our Websites and Web Portals, MedLogic gathers information, some of which may be considered personal information in your jurisdiction.
Mailing List – If you opt-in to our mailing list online or in person, you will receive emails that may include company news, updates, related product or service information, and other MedLogic related information. We may also associate personal information that you submit to us, including email addresses, with information collected about you through other means such as cookies, web beacons, or social media plugins. This will help us better tailor content delivered to you through a variety of ways, including online advertisements. We include unsubscribe instructions at the bottom of each email if at any time you would like to unsubscribe from receiving future emails.
Blog – Accessing our blog will load social media cookies that are necessary for displaying content and enabling user interaction. If you make posts to our blogs, your words and identity are made available to other people using the blog. We are under no obligation to publish, maintain, or retain any of your posts. If you provide us with feedback about our company, Offerings, or Websites, we consider this to be freely given and we may use your feedback without compensation or attribution to you.
We may use the information, including personal information, that we collect from users of our Websites and Web Portals for a number of reasons, including but not limited to the following purposes:
- Operate, secure, support, personalize, and improve our Websites
- Provide you requested information and Offerings
- Provide blogs and discussion groups
- Communicate through chat platforms
- Run promotions, contests, surveys, or other website features
- Send periodic emails
- Recruit new employees when you respond to career postings
- Analyze trends
- Digital marketing, which may include online advertisements appearing on cookie-based advertising networks
- Direct marketing, which may include postal mail or telemarketing from MedLogic or a service vendor
- Provide you our Offerings, including product updates, documentation, partner offerings, and related information
- Operate, secure, support, personalize, and improve our Web Portals and Offerings
- Connect you with partners
- Facilitate forum discussions
- Develop new features, products, and services
- Send periodic emails
- Analyze trends
Referrals – Where we provide a referral option that you choose to use to share information with a point of contact about us, we will ask you for the contact’s name and email address. We will automatically send your contact a one-time email inviting him or her to visit our Website. MedLogic will store this information for the sole purpose of sending the one-time email and for tracking the success of our referral program. An individual whose name has been provided to us may contact us at firstname.lastname@example.org to request that we remove their information from our database.
Information that we obtain from third party sources
From time to time, we may receive personal information about you, including your name, email address, or other information such as a profile picture, from third party sources where those parties have indicated that they have your consent or are otherwise legally permitted or required to disclose your personal information to us. For example, we may be provided with information about individuals interested in using our offerings, joining our company, or when using third party authentication options to sign-up for or log-in to our offerings.
2.3 With Whom Does MedLogic Share My Personal Information?
We do not sell, trade, or rent the personal information we collect from our Websites to others. We may share aggregated demographic information regarding visitors and users of our Websites with our affiliates, business partners, and advertisers for the purposes outlined above. When we collect personal information through our Offerings, it is made available to the MedLogic customer who was the source of the information and we use it as described in the Privacy Notice, terms and conditions, or otherwise as directed by our customers.
Online Behavioral Advertising – We partner with a third party to display advertising on our Websites or to manage our advertising on other sites. Our third party partners may use technologies such as cookies, scripts and tags to gather information about your activities on this site and other sites to provide you advertising based on your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt out by visiting Digital Advertising (DAA)’s self-regulatory opt-out page, click here. If you are located in the European Economic Area, click here. Please note this does not opt you out of being served ads; you will continue to receive generic ads.
Service Providers – We may use third party service providers or partners to help us operate our business; provide, support, maintain, or secure our Offerings and our Websites; or administer activities on our behalf, such as events or marketing campaigns. It may be necessary to provide or allow access to your personal information to these third-party service providers or partners for those purposes.
Legal and Professional Advisors – We provide information regarding our business to our auditors and legal counsel. In some cases, the shared information may contain personal information, but the auditors and legal counsel may only use it for the purpose of providing their professional services.
Legal Disclosures – We may also disclose your personal information as required by law, such as to comply with a subpoena or similar legal process; or when we believe that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We may transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets.
Links to Other Websites – Our Websites include links to other websites whose privacy practices may differ from those of MedLogic. If you submit personal information to any of those sites or services, your information is governed by their privacy notices. We encourage you to carefully read the privacy notice of any website service you visit.
3. Legal Basis for Processing Personal Information (EEA Visitors Only)
If you are a visitor from the European Economic Area and the United Kingdom, MedLogic’s legal basis for collecting and using the personal information collected will depend on the personal information concerned and the specific context in which we collect it.
In most circumstances, we collect personal information (i) where it is needed for the performance of a contract, (ii) where the processing of the personal information is in our legitimate interests and not overridden by your rights, or (iii) where you provide your consent. Other times, your personal information may be collected in order for us (iv) to comply with a legal obligation, (v) to perform a task for the public interest, or (vi) for the protection of your or another’s vital interests.
If we collect and use your personal information in reliance on our legitimate interests or those of any third party, we will make clear to you at the relevant time through this notice or otherwise what those legitimate interests are. Often times, legitimate interests involve our normal day-to-day operations, such as the ability to operate our platform and communicating with you as necessary to provide our services, responding to your inquiries, or marketing. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided at the bottom of this Privacy Notice.
4. Cookies and Similar Technologies
Most of the information we collect through our Offerings is metadata. Metadata may include how and when a device or network is being used, login times and attempts, registry keys, types and versions of operating systems, browsers, and information about software applications. In some cases, we collect personal information as it may appear within the metadata such as that associated with usernames, filenames, file paths, and machine names. This personal information is used to help our customers and improve our capabilities in the way described in our more specific product or service documentation and agreements. MedLogic’s Offerings also include features providing customers the ability to submit files (including the content of those files) and other information related to the files for purposes including security analysis and response, product improvement, enhanced capabilities, or customer support. At the direction of customers, we may also collect or retrieve files as part of our Offerings.
An important type of data we detect, collect, analyze, and use through our Offerings (or provide our customers the ability to provide to us) is information about adversaries, for example, malware and URLs where adversaries try to send your data. We often discover this type of information from analyzing samples customers provide to us or from the data we collect from customers through our Offerings. We use the information we collect about adversaries to help all of our customers and the public – DETECT, RESPOND, REVEAL. However, when we share information that we learn about adversaries, we don’t identify customers or individuals, other than, of course, the adversary, that’s the WHO, WHAT, and WHY of our security mission.
To the extent MedLogic collects personal information through its Offerings, MedLogic generally collects that information under the authority and direction of its customers, which often are corporate entities. MedLogic typically has no direct relationship or contact with an individual whose personal information we may collect or receive from a corporate customer and subsequently analyze and use. Consequently, any inquiries about the specific processing of your personal information via MedLogic Offerings should be directed to your organization. Regardless, the use of the information collected through our Offerings is limited to the purpose of providing the service for which our customers have engaged MedLogic or as otherwise outlined in our agreements. We do not use any personal information collected through our Offerings to contact or market products or services to these individuals. We also do not provide any personal information obtained through the Offerings to third parties for the purpose of contacting or marketing products or services to these individuals.
If you are a user of one of our Offerings, we obtain the personal information you provide us during the sales and/or fulfillment process. We may use personal information collected such as your name, phone number, mailing address, and email address to contact you and to provide and inform you of Offerings, send you an invoice, determine how our offerings are used and enhance customer success, perform accounting, auditing and collection activities, answer questions, and provide support or other similar services.
6. How We Protect Your Information
The security of customer data and your personal information is not only important to us, it is our mission. We adopt data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of customer data and your personal information. We follow generally accepted practices to protect customer data and the personal information collected and submitted to us, both during transmission and once we receive it. If you have questions about the security of your personal information collected through our Offerings or Websites, you can contact us at email@example.com.
7. International Data Transfers
MedLogic’s mission is global, and therefore, we may store information in the United States and other locations worldwide where we or our service providers have facilities. Where applicable, MedLogic relies upon an adequate mechanism for the international transfer of personal information.
We recognize that both Privacy Shield Frameworks are no longer recognized as a legal means to transfer personal data from the EU and Switzerland to the U.S., however we retain the certification as evidence of our commitment to providing appropriate safeguards. MedLogic, Inc. and MedLogic Holdings, Inc. participates in and has certified compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. MedLogic is committed to subjecting personal information received from the European Economic Area (EEA), the United Kingdom, and Switzerland, in reliance on each Privacy Shield Framework to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.
MedLogic is responsible for the processing of personal information it receives under each Privacy Shield Framework, and subsequently transfers personal information to a third party acting as an agent on our behalf. MedLogic complies with the Privacy Shield Principles for all onward transfers of personal information from the EEA, the United Kingdom, and Switzerland, including the onward transfer liability provisions. With respect to all such transfers, MedLogic is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, MedLogic may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website here, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. If you have any have any questions or complaints please contact us using the contact details provided at the bottom of this Privacy Notice.
8. Retention of Personal Information
We will retain your personal information for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter in order to comply with audit, contractual, or legal requirements, or where we have a legitimate interest in doing so. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may retain aggregated or de-identified data indefinitely or to the extent allowed by applicable law. We may retain personal information preserved in automatically generated computer back up or archival copies generated in the ordinary course of our information technology systems procedures.
9. Your Data Protection Rights
Where MedLogic is a data controller it affords access, correction, and deletion rights to individuals. More specific rights are listed below.
9.1 European Economic Area, United Kingdom, and Switzerland
If you are a resident of the European Economic Area, United Kingdom, or Switzerland, your data protection rights are as follows:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting MedLogic using the contact details provided below or by email at firstname.lastname@example.org
- You can object to processing of your personal information, ask us to restrict processing of your personal data or request portability of your personal information. You can exercise these rights by contacting MedLogic using the contact details provided below or by email at email@example.com
- You have the right to opt-out of marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing, such as telemarketing, then please contact MedLogic using the contact details provided below or by email at firstname.lastname@example.org
- If MedLogic has collected and currently processes your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about MedLogic’s collection and use of your personal information.
9.2 California Consumer Protection Act
The California Consumer Protection Act (CCPA) provides consumers (California residents) with specific rights regarding the processing of their personal information. Section 2 of this Notice includes the categories of consumer personal information MedLogic has processed during the past 12 months. Subject to exceptions, you may request disclosure or request deletion of your personal information at any time by contacting MedLogic using the contact details provided below or by email at email@example.com
MedLogic responds to verifiable requests received from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws. When contacting us, please provide us with detailed information about the personal information you are requesting we correct, update, amend, or remove, and the timeframe and manner in which you believe we came to collect your personal information. If we obtained your personal information from a customer or third party acting on your behalf, you should contact the company or person you provided your information to. If you would no longer like to be contacted by one of our customers or would like to have your personal information corrected, updated, amended, or removed, please contact the customer (“data controller”) that you interact with directly.
From the period of July 1, 2020 to July 1, 2021, MedLogic has not received any valid CCPA right requests from California consumers.
10. Changes to this Privacy Notice
MedLogic may update this Privacy Notice and its last modified date at any time to reflect changes to our information practices. If we make significant changes in how we use your personal information, we will notify you by email if feasible or by means of a notice on this Website. We encourage you to periodically review this page for the latest information on our privacy practices.
11. Contacting Us
If you have any questions about this Privacy Notice or our privacy practices, please contact us at:
Vice President, Privacy
3102 west end avenue suite 400
Nashville, TN 37203
If you are a current MedLogic customer and would like to sign up to receive subprocessor notifications, you can do so by emailing us at firstname.lastname@example.org
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.