Privacy Policy

1. Introduction

Medinova Ltd ("Medinova", "we", "us", "our"), a company registered in the United Kingdom, is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and services (collectively, the "Service").

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR) where applicable. Medinova Ltd is the data controller for the purposes of data protection law.

By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide, including:

• Account Information: Name, email address, password, profile information, educational institution, role (educator/learner), professional credentials and registration details (where applicable), and professional qualifications;
• Contact Information: Email address, phone number, and correspondence with us;
• Educational Content: Case studies, questions, assessments, and other educational materials you create or submit;
• Communication Data: Messages, feedback, and support requests;
• Payment Information: Billing address, payment card details (processed securely through our payment processor).

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Usage Data: Pages visited, features used, interactions with content, learning progress, simulation performance, time spent on activities;
• Device Information: IP address, browser type, operating system, device identifiers, screen resolution;
• Log Data: Access times, pages viewed, referring URLs, clickstream data;
• Cookies and Similar Technologies: As described in Section 8.

2.3 Information from Third Parties

We may receive information from educational institutions (when they enrol you), authentication providers (if you use single sign-on), and analytics providers.

3. Legal Basis for Processing

Under UK and EU data protection law, we must have a legal basis for processing your personal data. We rely on the following bases:

• Contract Performance: Processing necessary to provide you with the Service and fulfil our contractual obligations;
• Legitimate Interests: Processing necessary for our legitimate interests, including improving the Service, ensuring security, preventing fraud, and conducting analytics, provided these interests are not overridden by your rights;
• Consent: Where you have given explicit consent for specific processing activities, such as marketing communications;
• Legal Obligation: Processing necessary to comply with our legal obligations;
• Vital Interests: Processing necessary to protect vital interests (in exceptional circumstances).

4. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service;
• Create and manage your account;
• Process transactions and send related information;
• Personalise your learning experience;
• Track and analyse your educational progress;
• Communicate with you about the Service, updates, and support;
• Send marketing communications (with your consent);
• Conduct research and analytics to improve our educational content and AI systems;
• Train and improve our artificial intelligence and machine learning models;
• Detect, prevent, and address technical issues, security threats, and fraudulent activity;
• Comply with legal obligations;
• Enforce our Terms of Service.

5. How We Share Your Information

We may share your information with:

5.1 Service Providers

Third-party vendors who perform services on our behalf, including cloud hosting, payment processing, email delivery, analytics, and customer support. These providers are contractually bound to protect your data and use it only for specified purposes.

5.2 Educational Institutions

If you access the Service through an educational institution, we may share your usage data, progress, and performance information with authorised representatives of that institution.

5.3 Business Transfers

In connection with any merger, acquisition, financing, or sale of assets, your information may be transferred to the acquiring entity.

5.4 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.5 Aggregated and Anonymised Data

We may share aggregated or anonymised data that cannot reasonably be used to identify you for research, analytics, and business purposes.

6. International Data Transfers

Your information may be transferred to, and processed in, countries other than the United Kingdom. These countries may have different data protection laws than the UK.

When we transfer data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

• Transfers to countries with an adequacy decision from the UK Secretary of State or European Commission;
• Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office or European Commission;
• Binding Corporate Rules for intra-group transfers;
• Other lawful transfer mechanisms recognised under applicable law.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Our general retention periods are:

• Account Data: Retained while your account is active and for 3 years after account closure;
• Usage and Analytics Data: Retained for 5 years in identifiable form, then anonymised;
• Educational Content: Retained indefinitely as part of our educational resources (see Terms of Service regarding ownership);
• Financial Records: Retained for 7 years to comply with tax and accounting obligations;
• Marketing Preferences: Retained until you withdraw consent.

After the retention period, data is either securely deleted or anonymised for research and statistical purposes.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and use information about you and your interaction with the Service. Cookies are small data files stored on your device.

8.1 Types of Cookies We Use

• Essential Cookies: Necessary for the Service to function. Cannot be disabled.
• Functional Cookies: Remember your preferences and settings.
• Analytics Cookies: Help us understand how visitors use the Service.
• Performance Cookies: Collect information about Service performance.

8.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service. For more information, visit www.aboutcookies.org.

9. Your Data Protection Rights

Under UK and EU data protection law, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you;
• Right to Rectification: Request correction of inaccurate or incomplete data;
• Right to Erasure ('Right to be Forgotten'): Request deletion of your data in certain circumstances;
• Right to Restrict Processing: Request limitation of how we use your data;
• Right to Data Portability: Receive your data in a structured, machine-readable format;
• Right to Object: Object to processing based on legitimate interests or for direct marketing;
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent;
• Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing that significantly affect you.

To exercise these rights, please contact us at [email protected]. We will respond within one month. We may request identity verification before processing your request.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest;
• Secure server infrastructure with access controls;
• Regular security assessments and penetration testing;
• Employee training on data protection;
• Incident response procedures;
• Regular backups and disaster recovery plans.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately.

12. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to read the privacy policies of any third-party services you visit.

13. AI and Machine Learning

Our Service uses artificial intelligence and machine learning technologies to enhance the educational experience. This includes:

• Generating educational content and simulations;
• Providing personalised learning recommendations;
• Analysing learning patterns and performance;
• Improving our AI models through aggregated and anonymised data.

Your data may be used to train and improve our AI systems. We implement safeguards to prevent the identification of individuals from AI training data.

14. Marketing Communications

With your consent, we may send you marketing communications about our products, services, and events. You can opt out at any time by:

• Clicking the "unsubscribe" link in any marketing email;
• Updating your communication preferences in your account settings;
• Contacting us at [email protected].

Please note that even if you opt out of marketing communications, we may still send you transactional and service-related messages.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on the Service with a new "Last updated" date, and where appropriate, by email. Your continued use of the Service after such modifications constitutes your acknowledgment and acceptance of the modified policy.

16. Data Protection Officer

For matters related to data protection, please contact us at [email protected].

17. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: