The Medray group of companies will fully comply with the Global Data Protection Regulations EU 2016/679, within the Republic of Ireland (ROI) and the Data Protection regulations within the United Kingdom (UK). Management will oversee the evaluation of data types, the company’s role, and legal reasons for controlling or processing personal data and approve and review this policy annually. The Group Compliance manager will oversee data protection and act as the Data Protection Officer.
Medray store and process some personal data, such as contact names and contact details, along with the company data of customers. The data is provided by customers' consent, details are in sales contracts along with information on how a customer can see the information we hold and how we process it and raise any concerns. The data is processed to assess creditworthiness, deliver customer orders, and service requests and invoice for goods and services. Medray will only process the Personal Data only (i) as needed to provide the Services, (ii) in accordance with the specific instructions that it has received from the Customer, including with regard to any Transfers, and (iii) as needed to comply with the law (in which case, the Processor shall provide prior notice to Customer of such legal requirement, unless that law prohibits this disclosure).
Customers' electronic data that may contain patient identifiable information is from time to time processed to allow medical device troubleshooting and incident investigation. The data is in the form of labels on medical diagnostic images or equipment log files. The customer gives consent in service contracts for this. Occasionally, the device manufacturer (a sub processor) may need to see images or logs that could contact personal data, to resolve faults or complete investigations that Medray do not have the depth of knowledge/design information access to. The customer contracts to this via the service contract, but this personal data is only retained until issue is resolved. Where data is passed to an equipment manufacturer for sub processing, Medray will provide consent on behalf of a customer, at each event, along with required restrictions/security to be considered and how long it may be retained by sub processor.
Medray store and process some personal data, such as contact names and contact details, along with the company data of suppliers. The data is provided by supplier’s consent, details are in purchase contracts along with information on how a supplier can see information we hold and how we process it and raise any concerns. The data is processed to assess supplier capabilities and pay suppliers.