Latest updated: 28th October, 2021
Onex is committed to protecting the privacy of its Users whose information is collected and stored while using Onex’s Platform through our Website.
WE DO NOT SELL YOUR PERSONAL INFORMATION, NOR DO WE INTEND TO DO SO. WE DO NOT GIVE ACCESS TO YOUR PERSONAL INFORMATION TO THIRD PARTIES EXCEPT TO SUBPROCESSORS TO ASSIST US IN THE PROVISION OF OUR SERVICES TO YOU.
WHAT INFORMATION DO WE COLLECT?
- Information you give us. This is information about you that you give us by filling in forms on our site www.medicalonex.com (our site) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, subscribe to our service, search for a product, place an order on our site, participate in discussion boards or other social media functions on our site, and when you report a problem with our site. The information you give us may include your name, business address, e-mail address and phone number, financial and credit card information, personal description, photograph, and other business or personal information.
- Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
- Information we receive from other sources. This is information we receive about you if you use any of the other websites we operate or the other services we provide. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend Cookies.
HOW DO WE COLLECT INFORMATION?
We collect personal information from you in the following ways:
- At registration on our Website;
- In email, text, and other electronic messages between you and our Website;
- Through mobile and desktop applications your downloads from our Website, which provides dedicated non-browser based interaction between you and our Website;
- From you placing an order, which includes details of transactions you carry out on our Website;
- When you subscribe to a newsletter;
- From your responses to a survey;
- From forms filled out by you;
- From search queries on our Website; and
- When you post information to be published or displayed on our Website.
We collect information from you automatically when you navigate through our Website in the following ways:
- Usage details;
- IP addresses;
- Information obtained through browser cookies;
- Information obtained through flash cookies;
- Web beacons on our Website;
- Web beacons on emails sent by us; and
- Other tracking technologies.
HOW DO WE USE YOUR INFORMATION?
We use the information that you provide to:
- Personalize your experience in using our Platform;
- Provide you with information, products, or services requested from us;
- Present our Website and their contents to you;
- Carry out obligations and enforce rights arising from contracts entered into between you and us, including billing and collection;
- Notify you about changes to our Website and any products or services;
- Allow you to participate in interactive features on our Website;
- Improve the Website;
- Improve our customer service;
- Administer contests, promotions, and surveys or other Website features;
- Process transactions;
- Contact you about our products and services that may be of interest;
- Enable the display of advertisements to our advertisers’ target audiences, although personal information is not shared with advertisers without your consent; and
- Send you periodic emails, in accordance with the CAN-SPAM Act of 2003 as detailed in Section 14, via the email address provided by you to (i) send information, respond to inquiries, and/or other requests or questions; (ii) process orders and send information and updates pertaining to such orders; (iii) send additional information related to your product and/or service; and (iv) market to our mailing list or continue to send email to you after the original transaction has occurred.
DISCLOSURE OF YOUR PERSONAL INFORMATION
You agree that we have the right to share your personal information with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
- Selected third parties including:
- business partners, manufacturers, distributors, suppliers and subcontractors for the performance of any contract entered into by you through our site;
- advertisers and advertising networks that require the data to select and serve relevant adverts to you and others;
- analytics and search engine providers that assist us in the improvement and optimisation of our site.
We will disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
- If Onex or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Except for essential cookies, all cookies will expire after six years.
We allow third party behavioral tracking and links to third-party web pages. Occasionally, at our discretion, we may include or offer third-party products or services on our Website. These third-party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Website and welcome any feedback at about these sites. Please contact us at [email protected].
HOW DO WE PROTECT INFORMATION WE COLLECT?
Our Website use an SSL certificate as an added security measure. We require username and passwords for our employees who can access your personal information that we store and/or process on our Platform and servers. In addition, we actively prevent third parties from getting access to your personal information that we store and/or process on our Platform and servers. We will implement reasonable security measures every time you (a) place an order, (b) enter, submit, or access your information, or (c) register on our Website.
DATA SECURITY MEASURES.
- Security Measures. We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Website.
- Fair Information Practice Principles. In the event of a personal data breach, we will notify you within 72 hours via (i) email and/or (ii) our Platform notification system on our Website. We agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
DISCLOSURE OF PERSONAL INFORMATION
There are times when we may share Personal Information that you have shared with us may be shared by Onex with others to enable us to provide you over Services, including contractors, service providers, and third parties (“Partners”). This section discusses only how Onex may share such information with Partners. We will ensure that our Partners protect your Personal Information. The following describe how and with whom we may share your Personal Information:
Disclosure of Personal Information.
- We may disclose aggregated, de-personalized information about you that does not identify any individual to other parties without restriction, such as for marketing, advertising, or other uses.
- We may disclose personal information to our subsidiaries and affiliates.
- We require all contractors, service providers, and other third parties to whom we disclose your personal information to be under contractual obligations to keep personal information confidential and to use it only for the purposes for which we disclose them.
- We may disclose personal information in the event of a merger, sale of business, etc.
- We require all other Partners, to whom we disclose your personal information, to enter into contracts with us to keep personal information confidential and use it only for the purposes for which we disclose it to such Partners.
- We may disclose personal information for any other purpose for which you have provided it.
- Other Disclosure of Personal Information.
- Third Party Disclosure.
- We do not sell, trade, rent, or otherwise transfer personal information to others, unless we provide you with advance notice. This does not include our hosting partners and other parties who assist us in operating our Website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
- We do not provide non-personally identifiable visitor information for marketing purposes.
- Choices Users Have About How Onex Uses and Discloses Information.
- Disclosure of Users’ Information for Third-Party Advertising. Users can opt-out by (i) checking the relevant form when we collect the data; (ii) logging into the Website and adjusting their preferences in their account profile by checking or unchecking the relevant boxes, or (iii) emailing us their opt-out request at [email protected]. Users receiving promotional email can opt-out by sending a return email requesting to be omitted from future promotional email distributions. This opt-out will not apply to information provided by Onex for product purchases, warranty registration, or other transactions.
- Disclosure of User’s Information for Targeted Advertising. Users can opt-out by (i) checking the relevant form when we collect the data, (ii) logging into the Website and adjusting their preferences in their account profile by checking or unchecking the relevant boxes, or (iii) emailing us their opt-out request at [email protected].
GOOGLE ADSENSE AND GOOGLE ANALYTICS
We have implemented advertising features on our Website including: (a) remarketing with Google AdSense; (b) Google Display Network Impression Reporting; (c) Google Demographics and Interests Reporting; and (d) Google’s DoubleClick platform integration.
We use these Cookies to compile data regarding User interactions with ad impressions and other ad service functions as they relate to our Website.
FOR OUR EUROPEAN CUSTOMERS AND VISITORS
We are headquartered in the United States. Your Personal Information, which you give to us during registration or use of our Website, may be accessed by or transferred to us in the United States. If you are visiting our Web site or registering for our Services from outside the United States, be aware that your Personal Information may be transferred to, stored, and processed in the United States. Our servers or our third-party hosting services partners are located in the United States. By using our site, you consent to any transfer of your Personal Information out of Europe, UK, or Switzerland for processing in the US or other countries.
Obligations of the data importer (processors)
The data importer agrees and warrants:
- to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has implemented the technical and organizational security measures before processing the personal data transferred;
- that it will promptly notify the data exporter about:
- any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
- any accidental or unauthorized access, and
- any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
- to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
- at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
- to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
- that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
Obligations of the data exporter
The data exporter agrees and warrants:
- that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
- that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
- that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures;
- that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
- that it will ensure compliance with the security measures;
- that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
- to make available to the data subjects upon request a copy of the Clauses, with a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; and
- that, in the event of sub-processing, the processing activity is carried out in at least the same level of protection for the personal data and the rights of the data subject as the data importer under the Clauses.
- The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred above by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph a against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to above, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
- If you are a resident of or a visitor to Europe, you have certain rights with respect to the processing of your Personal Data, (referred here as Personal Information), as defined in the GDPR.
- Please note that in some circumstances, we may not be able to fully comply with your request, or we may ask you to provide us with additional information in connection with your request, which may be Personal Information, for example, if we need to verify your identity or the nature of your request.
- In such situations, however, we will still respond to let you know of our decision. As used herein, “Personal Information” means any information that identifies you as an individual, such as name, address, email address, IP address, phone number, business address, business title, business email address, company, etc.
- To make any of the following requests, please contact us (i) via email at [email protected], or (ii) by writing to us at Onex Medical, Ltd., 16 Khatem Tower, ADGM Square, Al Maryyah Island, 111999 Abu Dhabi, United Arab Emirates.
- Access: You can request more information about the Personal Information we hold about you. You can also request a copy of the Personal Information.
- Rectification: If you believe that any Personal Information we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
- Objection: You can contact us to let us know that you object to the collection or use of your Personal Information for certain purposes.
- Erasure: You can request that we erase some or all of your Personal Information from our systems.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Information.
- Portability: You have the right to ask for a copy of your Personal Information in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
- Withdrawal of Consent: If we are processing your Personal Information based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, it may limit your ability to use some/ all of our Services or Platform and you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Information, if such use or disclosure is necessary to enable you to utilize some or all of our Services and Platform.
- Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Information with the supervisory authority of your country or EU Member State. Please go to https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm to locate your Data Protection Authority.
- Response. We will respond to your inquiry within thirty (30) days of the receipt.
YOUR PRIVACY RIGHTS
Onex does not sell, trade, or otherwise transfer to outside third parties your “Personal Information” as the term is defined under the California Civil Code Section § 1798.82(h). Additionally, California Civil Code Section § 1798.83 permits Users of our Website that are California residents to request certain information regarding our disclosure of their Personal Information to third parties for their direct marketing purposes. To make a request for such disclosure, or identification and/or deletion of Personal Information in all our systems that we store on you, please send an email to [email protected] or write us at Onex Medical, Ltd., 16 Khatem Tower, ADGM Square, Al Maryyah Island, 111999 Abu Dhabi, United Arab Emirates.
Note that (i) if we delete your Personal Information as requested, we will no longer be able to provide our services to you and (ii) we may need to keep such Personal Information for a while during the shutting down and billing process. If you would like to discuss our Personal Information storage and processing process with us, please send us an email at [email protected] or write us at Onex, Inc., 16 Khatem Tower, ADGM Square, Al Maryyah Island, 111999 Abu Dhabi, United Arab Emirates.
COPPA COMPLIANCE (FOR CHILDREN UNDER 13 USERS ONLY)
The Children’s Online Privacy Protection Act (“COPPA”) is a federal legislation that applies to entities that collect and store “Personal Information,” as the term is defined under COPPA, from children under the age of 13. We are committed to ensure compliance with COPPA. Our Website are not meant for use by children under the age of 13. Our Website do not target children under the age of 13, but we do not age-screen or otherwise prevent the collection, use, and personal disclosure of persons identified as under 13. If you would like to know more about our practices and specifically our practices in relation to COPPA compliance, please email us at [email protected].
IF YOU ARE UNDER 13, PLEASE DO NOT ACCESS OR USE OUR WEBSITE.
CAN-SPAM ACT OF 2003
The CAN-SPAM Act establishes requirements for commercial messages, gives recipients the right to have businesses stop emailing them, and spells out penalties for violations. Per the CAN-SPAM Act, we will:
- not use false or misleading subjects or email addresses;
- identify the email message as an advertisement in some reasonable way;
- include the address of Onex Medical, Ltd., which is 16 Khatem Tower, ADGM Square, Al Maryyah Island, 111999 Abu Dhabi, United Arab Emirates;
- monitor third-party email marketing services for compliance, if one is used;
- honor opt-out/unsubscribe requests quickly; and
- give an “opt-out” or “unsubscribe” option.
If you wish to opt out of email marketing, follow the instructions at the bottom of each email or contact us at [email protected] and we will promptly remove you from all future marketing correspondences.
LIST OF THIRD-PARTY SERVICE PROVIDERS
Name of Third-Party Service Provider
Amazon Web Services Inc.
Address: 410 Terry Avenue North, Seattle, Washington 98109-5210, United States
SG Hosting Inc. (SiteGround)
Address: 901 N. Pitt St, Suite 325, Alexandria, Virginia 22314, United States
Additionally, if you have any questions or concerns about our third-party service providers, please email us at [email protected].
COPYRIGHT INFRINGEMENT/DMCA NOTICE
If you believe that any content on our Website violates your copyright, and you wish to have the allegedly infringing material removed, the following information in the form of a written notification (pursuant to the Digital Millennium Copyright Act of 1998 (“DMCA Takedown Notice”)) must be provided to our designated Copyright Agent.
- Your physical or electronic signature;
- Identification of the copyrighted work(s) that you claim to have been infringed;
- Identification of the material on our Website that you claim is infringing and that you request us to remove;
- Sufficient information to permit us to locate such material;
- Your address, telephone number, and email address;
- A statement that you have a good faith belief that use of the objectionable material is not authorized by the copyright owner, its agent, or under the law; and
- A statement that the information in the notification is accurate, and under penalty of perjury, that you are either the owner of the copyright that has allegedly been infringed or that you are authorized to act on behalf of the copyright owner.
Onex’s Copyright Agent to receive DMCA Takedown Notices is Jamal Abu Samra, at [email protected]
and at Onex Medical, Ltd., Attn: DMCA Notice, 16 Khatem Tower, ADGM Square, Al Maryyah Island, 111999 Abu
Dhabi, United Arab Emirates. You acknowledge that for us to be authorized to take down any content, your
DMCA Takedown Notice must comply with all the requirements of this Section. Please note that, pursuant to 17
U.S.C. § 512(f), any misrepresentation of material fact (falsities) in a written notification
automatically subjects the complaining party to liability for any damages, costs and attorney’s fees
incurred by Onex in connection with the written notification and allegation of copyright
‘GMDN’ is a registered trade mark of The GMDN Agency. All rights reserved. The copyright and database rights in the original GMDN materials are owned by The GMDN Agency Ltd 2005-2021. Used under licence from The GMDN Agency Ltd.
- Privacy Officer
- Email: [email protected]
- Address: Onex Medical, Ltd., 16 Khatem Tower, ADGM Square, Al Maryyah Island, 111999 Abu Dhabi, United Arab Emirates.