TL;DR Legal: We collect personal data when you use our services. This includes your use of our services as well as your interactions with us.
Some of this information is made available to third parties that allow us to provide you with services, such as WhatsApp and Twilio. Moreover, no matter what, we do not sell your data but solely use it for the service, and continuous improvement.
Review For You LTD values your privacy and therefore has set up this extensive Privacy Policy in order to notify you when your personal data is stored, what is being processed and what is being disclosed to other entities.
Though Review For You LTD is not an EU based organization, its privacy policy is the spirit of the GDPR and is in full and strict compliance with all Israeli privacy regulations.

Who Are We?
Review For You Ltd is an Israeli limited company. We operate the MedReviews website to provide users the ability to review medical professionals after they have been verified as patients or customers by us or by the clinic.

Are You Obligated To Provide Us With Personal Data?
No. You are under no legal obligation to provide us with any personal data. However, without providing us with personal data, we may not be able to provide you with our services or any portion thereof.

How Do We Collect Personal Data?
We collect data solely based on your use of our services; meaning by the way you browse and use our service, and the information you fill when engaging with website and forms.
If you are doctors, we will collect the data you fill in forms and when using our service. If you are patients, then we will collect the data that your doctor provided us (after receiving consent from you to provide us with it) and the data you fill in the applicable forms and pages.

What Personal Data Is Retained About You?
If you are doctors , we will retain data about your contact information, which includes your name, email address, phone, the location of your clinic, your professional experience, your education and entities that are in business arrangements with you. We may also retain payment details. If you send us photos of yourselves they may also be used.
If you are patients , we may retain your basic contact information that include an alias or name, your phone number for contacting, gender, additional contact information such as an email address and approximate location, a document to authenticate your relation to the doctor (such as an invoice) and the content of your review and the treatment you received and your specific review or rating according to our requested categories. We may also retain the IP from which the review was sent.
If you use our appointment scheduling service (including to check for availability) we will retain the name of the service that you requested to use, your contact information and IP address.
If you use our contact forms, we may also retain your contact information, including name, email address, phone number and contents of the form.
This data may be identifying or non-identifiable.

What Non-Personal Data Is Retained About You?
We retain some non-personally identifiable data, as described below.
When you use our service, we retain your activity on the service, and other information we may receive from you, provided that you were notified explicitly on such collection or retention. We retain technical data relating to your browsing such as browser type, extensions, definitions, viewed pages, your use of the service and technical data we receive.

Do We Process Your Personal Data?
We will use the retained data about you to provide you with the services, including providing reviews in a public manner, providing a doctor’s contact information, their professional experience and any data that may promote their business.
Should you use our contact forms, we will provide the data to the relevant entity which may also add you to their newsletters according to their own terms and with no affiliation to us. If you should use the forms to contact a doctor or make an appointment, they may use a third party to send you notifications about it without any affiliation to us.
We may send you updates and newsletters via email or text messages with promotional materials and advertisements, unless you notify us that you withdraw your consent to such message, and all in accordance with section 30A to the Telecommunication Act (Bezeq and Communications), 1982. Your registration to the website also means your consent to receive marketing calls according to section 16B to the Consumer Protection Act, 1981.
You may notify us of your refusal from any future material according to this section either by email or through our system.

Do We Use Cookies In Our Service?
A Cookie is a small file stored on your computer which is used in interaction between your computer and our servers (or third party servers). Cookies may sometimes be used to identify you. We use both first party and third party cookies. Your consent to use the services means you consent for our use of both types of cookies. Some of these cookies are hosted outside the EU.

Who has Access to Your Data?
We provide access to your data, solely to our employees and contractors, that are under strict confidentiality obligations. Our employees and contractors' use of your Personal Data is monitored.
If you are a patient, then doctors may have access to your contact details to verify your review.
When we provide information to third parties who provide us a portion of the services, they are also under an obligation to keep information confidential.

Which third parties do we use to process the Personal Data?
We use Google Analytics to monitor our user behaviour in the service, and Facebook to advertise our service. We use Monday as a task management tool and Vonage and Twilio for communication and messaging. We use iCount for accounting and AWS to host data. We use CreditGuard for clearing.
Each of these services is bound to us to protect your data under terms that are adherent to relevant Data Protection Laws.

Your Personal Data Rights

Right of Access and Rectification
You have the right to know what personal data we collect about you and to ensure that such data is accurate and relevant for the purposes for which we collected it. You can receive a copy of your personal data, and to rectify such personal data if it is not accurate, complete, or updated. However, we may first ask you to provide us with certain credentials to permit us to identify you before rectifying, deleting, or reviewing.
Right to Delete Personal Data or Restrict Processing and Right to Withdraw Consent
You have the right to withdraw your consent to the processing of your personal data. Exercising this right will not affect the lawfulness of processing your personal data based on your consent before its withdrawal. Please note that in most cases, withdrawal of your consent would most likely cause us to delete your personal data rather than cease processing.
You have the right to delete your personal data or restrict its processing by ourselves and third parties. We may postpone or deny your request if your personal data is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.
Right of Data Portability
Where technically feasible, you have the right to ask to transfer your personal data in accordance with your right to data portability. In order to apply for this, please contact us.
The Right to Lodge a Complaint
You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

Your California Privacy Rights and Do Not Track Notices
We do not convey your personal data to third parties for direct marketing purposes. However, if we did, then the California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding its disclosure of personal data to third parties for their direct marketing purposes.
To make such a request, please send us an email, and we will let you know that none of your personal data was shared. We are only required to respond to one request per customer each calendar year.

Your Brazilian LGPD Rights
Notwithstanding anything in this privacy policy, you may exercise your LGPD rights, including your rights for (i) confirmation of the existence of the processing; (ii) access to the data; (iii) correction of incomplete, inaccurate or out-of-date data; (iv) anonymization, blocking or deletion of unnecessary or excessive data or data processed in noncompliance with the provisions of the LGPD; (v) portability of the data to another service or product provider, by means of an express request and subject to commercial and industrial secrecy, pursuant to the regulation of the controlling agency; (vi) deletion of personal data processed with your consent, except in the situations provided in Art. 16 of the LGPD; (vii) information about public and private entities with which the controller has shared data; (viii) information about the possibility of denying consent and the consequences of such denial; (ix) revocation of consent as provided in §5 of Art. 8 of the LGPD.

We respond to “Do Not Track” signals
If you do not wish your browser to allow us to use trackers, please use your browser’s “Do Not Track” option.

Exercising Your Rights
We acknowledge you have the right to access and change the Personal Data we collect and process. If you wish to access or to correct, amend, or delete Personal Data, please send us an email. We will respond within a reasonable timeframe, but in any event, no later than permitted by applicable law.

What Can You Do If You Feel Your Privacy Was Invaded?
If You feel your privacy was invaded, you can always contact our privacy officer, by email or through our contact form, and file a complaint, our privacy officer will inspect the complaints within reasonable time and send you and answer promptly, our privacy officer also publishes periodical reports about such complaints, which you can find on our website or contact us directly. You can contact our privacy officer by email at info@medreviews.com

Duration and Location of Data Retention
We retain the data on AWS’s Europe Servers.
We retain data for as long as it is needed, both to provide the service and enforce legal rights. We may anonymize personal data after it is no longer needed.

Data Breach
In an event of a data breach, we will act in accordance to law and notify you if applicable.

Our Data Protection Officer
Our data protection officer is Vadim Drabkin You can contact her directly at , or write to: info@medreviews.com