Munroe Sutton Privacy Policy

Munroe Sutton, LLC ("We," "us," or "our") are committed to protecting and respecting your privacy. We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Munroe Sutton LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Munroe Sutton is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

This policy together with our terms of use and any other documents referred to on it sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.

For the purposes of the Data Protection Act 1998 ("the Act") the data controller is Munroe Sutton LLC of 8th Floor 20 Farringdon Street, London, EC4A 4AB.

Information We May Collect From You

We may collect and process the following data about you:

Personal data, or personal information, means any information about an individual from which that person can be identified (directly or indirectly) or to which the person can reasonably be linked. It does not include anonymized data.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data such as first name, last name, account password, and signature.
  • Membership Data: if you're a member:
    • information that allows us to administer your membership and provide our services to you (membership period, membership fee, your health discount plan ("plan"), details of your employer or the organisation arranging the membership for you, etc.); and
    • the information your employer, or the organisation arranging the membership for you, shares with us and other providers to allow you to receive the benefit of membership and other related services.
  • Contact Data such as mailing address, service address, email address, telephone number, and fax number.
  • Demographic Data such as gender, age, country of origin, marital status, number and ages of children, languages spoken, and employer.
  • Transaction Data such as details about products and services you inquired about, considered, and/or purchased from us and how you use those products and services, account information and status, and member benefits.
  • Financial and Payment Data such as credit/debit card number and expiration date, checking account and routing number, and check and credit/debit card images.
  • Marketing and Communications Preference Data such as your preferences in receiving marketing from us and your communication preferences.
  • Audio and Visual Data such as recordings of telephone conversations with us.
  • Communications Data such as copies of chat, text message, mail, and email conversations with us.
  • Geolocation Data such as your approximate geolocation based on indicators from websites or mobile devices  or your post code to allow our search tool to find a practitioner as close to your work or home address as possible.
  • Internet and Other Network Data such as IP address, browsing history, search history, and information about your interaction with our site, mobile application, or advertisements including information collected by cookies and similar technologies.

IP Addresses and Cookies

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.

For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:

  • to estimate our audience size and usage pattern;
  • to store information about your preferences, and so allow us to customise our site according to your individual interests;
  • to speed up your searches;
  • to recognise you when you return to our site.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

Notice

When we collect your personal information, we'll give you timely and appropriate notice describing what personal information we're collecting, how we'll use it, and the types of third parties with whom we may share it.

Accuracy

We'll take appropriate steps to make sure the personal information in our records is accurate.

Where we Store your Personal Data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or one of our contactors. By submitting your personal data, you agree to this transfer, storing or processing. Munroe Sutton LLC will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We'll take appropriate physical, technical, and organizational measures to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction.

We'll keep your personal information only as long as we need it for the purposes for which we collected it, or as permitted by law.

Uses Made of the Information

We use information held about you in the following ways:

  • to ensure that content from our site is presented in the most effective manner for you and to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
  • to carry out our obligations arising from any contracts entered into between you and us;
  • to allow you to participate in interactive features of our service, when you choose to do so; and
  • to notify you about changes to our service.

We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by post, telephone, or email.

If you are an existing customer, we will only contact you by electronic means with information about goods and services similar to those which were the subject of a previous sale to you.

If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. We will provide you opt-out or opt-in options before we share your data with third parties other than our agents, or before we

use it for a purpose other than which it was originally collected or subsequently authorized. In cases of onward transfer to third parties of data of EU and UK individuals received, Munroe Sutton is potentially liable.

In summary, we'll give you choices about the ways we use and share your personal information, including choices about limiting the use and disclosure of your personal data, and we'll respect the choices you make.

Disclosure of your Information

We may disclose your personal information to third parties:

The types of service providers we use to whom we may share one or more categories of personal data include:

  • Fulfillment and account servicing which help us provide products, services and information to you, service your account or benefits, and perform payment processing services
  • Administering your membership: your employer or the organisaton arranging a membership for you, insurance brokers or insurance companies (as applicable) or the practitioners you engage, but only when this is relevant and necessary to administer your membership and/or other services we provide;
  • Marketing and communications providers, which help us market our products/services to you, conduct promotions, surveys and other outreach campaigns;
  • Research and development providers, which help us develop and improve our products and services;
  • Data and business analytics providers, which help us collect, analyze and improve the accuracy of our data (including personal data);
  • IT and network administration providers, which provide services such as data storage and management, website hosting, apps management and data security;
  • Professional service firms, which provide accounting, legal, and other professional services; and
  • General service providers, which help us with day-to-day business operations such as office support services, mail processing, courier services, facilities management, and document destruction.
  • HM Revenue & Customs, regulators and other UK or EU/EEA authorities (as applicable) who require reporting of processing activities in certain circumstances.
  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Munroe Sutton LLC or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property or safety of Munroe Sutton LLC, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • We also may be required to disclose an individual's personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

International Transfer

If we transfer your personal information to another country, we'll take appropriate measures to protect your privacy and the personal information we transfer.

In compliance with the DPF, Munroe Sutton commits to resolve DPF Principles-related complaints about your privacy and our collection or use of your personal information. European Union and United Kingdom individuals with inquiries or complaints regarding our handling of personal data in reliance on the DPF should first contact Munroe Sutton at: [email protected]

Munroe Sutton has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by us, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction for more information on this process.

Your Rights

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise your right at any time by contacting us at 8th Floor 20 Farringdon Street, London, EC4A 4AB or by email at [email protected].
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Access to Information

The Act gives you the right to access, correct, or delete information held about you. Your right of access can be exercised in accordance with the Act by contacting us at 8th Floor 20 Farringdon Street, London, EC4A 4AB or by email at [email protected]. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

Privacy Complaints by European Union Citizens

We commit to resolve complaints about your privacy and our collection or use of your personal information. European Union citizens with inquiries or complaints regarding this privacy policy should first contact Munroe Sutton at: 8th Floor 20 Farringdon Street, London, EC4A 4AB or by email at [email protected].

Changes to our Privacy Policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.

Enforcement

We'll regularly review how we're meeting these privacy promises, and we'll provide an independent way to resolve complaints about our privacy practices.

Contact

Questions, comments, complaints and requests regarding this privacy policy are welcomed and should be addressed to 8th Floor 20 Farringdon Street, London, EC4A 4AB or by email at [email protected].