OMS Privacy Policy


Your privacy is important to us. This privacy statement explains what personal data Oxford Medical Simulation Ltd ("OMS”) collects from you, through our products and how we use that data.

OMS serves a number of group of users in different ways. References to products in this statement include OMS services, which are offered through our websites and app. Please read product-specific details in this privacy statement, which provide additional information about some OMS products.

This policy applies to any users of the services of OMS or its affiliates anywhere in the world, and to anyone else who contacts OMS or otherwise submits information to OMS, unless noted below.


1. Data Protection Principles

We are committed to complying with data protection law and principles, which means that your data will be:


2. Collection of Personal Information

OMS acts as the data processor and/or the data controller for the information you or your institution provide or that is collected by OMS or its affiliates. OMS collects data to operate effectively as a business and to provide you, the user, with tailored services and products.

You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary in order for us to provide services to you, you may not be able to use that product.

We provide further information, below, on the types of personal data we obtain and how we use them, throughout your use of our service and products.


3. How OMS uses Personal Information

OMS uses your personal information for the following reasons:


4. Choices and Transparency

In this section, we have summarized the rights that you have under data protection law. The information we provide in this section is a brief summary of your rights under data protection law and you should still read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:

You have the right to confirmation as to whether or not we hold or process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data, or do one of the following:

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data being unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary, for example: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

You have the right to request that your personal data is no longer processed for example, due to the inaccuracy of the data or the reason for the data being processed.

If you have given additional consent for your data to be shared to a third party, including academic institutions, medical device companies and pharmaceutical companies, you have the right to withdraw this consent at any time. You have the right to request that your personal data be transferred to another party.

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. If you opted in to third party marketing communications when you registered, you may opt-out at any time within the app, or by emailing generalcounsel@oxfordmedicalsimulation.com.

Lastly, you will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

You may exercise any of your rights in relation to your personal data by written notice to us or by any of the methods specified in section.

To contact us in relation to any of these requests, please use the email address generalcounsel@oxfordmedicalsimulation.com.


5. Duration of Data Retention

OMS retains personal data for as long as necessary to provide our products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly. The general rule that establishes a baseline for data retention is the length of time required to store and analyse the data for the purpose it was collected (as described in section 3). Moreover, we are required to maintain appropriate business records, and this may include records of assessments used for compliance. Where possible, data that can be anonymised may be retained for research and development purposes to continue improvement of the OMS platform.


6. Information Security and International Transfers

OMS is committed to protecting the security of your data by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. We utilise, for all data storage and processing purposes, the Heroku platform, which is owned by Salesforce and is built on Amazon Web Services “AWS” architecture. OMS uses separate AWS storage containers and databases in the US and in Ireland (EU).


7. Changes to this Privacy Policy and Further Information

We may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will always be at www.oms-app.com/privacy. If we make a change to this policy that, in our sole discretion, is material, we will notify you via an app notification or email to the email address associated with your account. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised Privacy Policy.

If you would like further information about privacy at OMS, you will find more information, please contact us at generalcounsel@oxfordmedicalsimulation.com.