How we protect your information
Mediwave Digital operates in the United Kingdom (Mediwave Digital (UK) Limited) and India (Mediwave Digital Private Limited). Our mission is to develop digital products and services that positively impact people. By combining design, technology, and healthcare expertise, our dedicated team delivers innovative and effective solutions.
To carry out our business, we may need to acquire and process some personal information from you. This privacy notice tells you what to expect when Mediwave Digital collects personal information. It applies to information we collect about people who engage with us through:
people who contact us through our website
visitors to our office
people who contact Mediwave in a professional capacity to enquire about our services or engage us as a supplier
people who take part in user research or user testing for our products
people who contact us about job opportunities, both speculatively and to apply to a specific job advertisement
people who contact us with an enquiry or a complaint, or to ask for information we have about them (a subject access request)
people who undertake tasks for Mediwave Digital: staff, contractors, consultants, and volunteers (information about how we process their personal information can be found in the Internal Privacy Notice)
If you use one of the services we have designed/built, your personal information is generally stored and processed by the organisation that commissioned Mediwave to carry out the work. Please see the specific privacy notice on the site you use.
people who engage with Mediwave Digital via our social media accounts, for example, LinkedIn, Facebook, Instagram or X (formerly Twitter).
To collect, create, or otherwise process your personal information, Mediwave Digital (as data controller) must have a legal basis for doing so under data protection legislation.
For UK and EU users, we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act (2018).
For India users, we comply with the Digital Personal Data Protection Act (DPDP, 2023) and the Information Technology (IT) Act, 2000.
In most cases, we hold and process your data under legitimate interestand/or for contractual or legal reasons. Depending on the circumstances, we may also process your personal information because you, or your legal representative, have given us your consent (which you can withdraw at any time). We do not require your consent to process your personal information if:
you have entered into a contract with us
you have made this information publicly available yourself
it is required by law
it is necessary for legal cases
it is necessary to protect someone in an emergency
it is to the benefit of the public in general
it is necessary for employment purposes
Third parties will not have access to your personal information unless the law allows them to do so.
Data processors are third parties who provide elements of our services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct.
We will only share your information if there is a legal basis in which to do so (like a court order in the UK or India).
We keep your personal information for no longer than is necessary, considering:
any laws or regulations that we are required to follow in the UK and India.
whether we are in a legal or other type of dispute
the type of information that we hold about you
whether you are still signed up for our services
retention in case of queries: we will retain data for a reasonable period
retention in case of claims: we will retain data for the period in which you might legally bring claims against us (six years in the UK this and in accordance with DPDP data retention principles in India).
If you would like further information about our information retention practices, please contact us atdataprotection@mediwavedigital.com
Data protection legislation gives you various rights over your information. These may include (as relevant) the right to:
Access information held about you: you must provide us with a valid ID, and with enough information to enable us to identify your personal information. In certain circumstances, under data protection legislation, we may not be required to provide all the details of personal information held.
Amend and rectify inaccurate personal information and notify any third-party recipients of the necessary changes.
Request restriction of information processing concerning you or object to the processing of your personal information.
Request the erasure of your personal information where it is no longer necessary for us to retain it.
Data portability, including obtaining personal information in a commonly used, machine-readable format in certain circumstances, such as where our processing of it is based on consent. This is to assist you if you wish to transfer your information to another organisation.
Object to automated decision-making, including profiling (if any). Note. We do not carry out any automated decision-making of any kind.
Withdraw your consent to any processing for which you have previously given that consent, without affecting the lawfulness of any processing based on your consent before its withdrawal.
Please use the details in the Contact Us section below if you wish to exercise any rights. We endeavour to acknowledge requests within three working days and to supply the appropriate response and information promptly and within the relevant statutory timescale (usually one month).
To exercise these rights, please contact dataprotection@mediwavedigital.com. We will acknowledge your request within three working days and respond within one month.
We store and process all personal data in line with the General Data Protection Regulations (UK GDPR) and the Digital Personal Data Protection Act (DPDP, 2023) in India. Personal data is primarily processed within the EU, UK and India, following strict security and compliance measures.
Mediwave Digital takes the technical and organisational security of all the information it holds very seriously. Our security measures include:
For any data protection queries, you can contact our Data Protection Team at:
Email: dataprotection@mediwavedigital.com
We will respond within 10 days of receiving your enquiry.
If you are unsatisfied with how we handle your data, you may contact:
For UK users - Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk/global/contact-us/
For Indian users - Data Protection Board of India (DPB)
Government of India (details to be updated upon regulatory confirmation)
Website: (to be updated as DPB formalises its complaint handling process)